FortiGate
nprakash
Staff
Article Id 250451
Description

 

This article describes the limitations of using a loopback as the gateway interface for static routes.

 

Scope

 

FortiGate v7.2.1 to FOS 7.2.4.

 

Solution

 

Changes in default behavior:

 

Loopback interfaces are no longer allowed to be configured as gateway interfaces on static routes. Upon upgrade, static route configurations with loopbacks as gateway interfaces will be removed.

 

Version 7.2.0 and below:

Configuring a static route with a loopback as the gateway interface is allowed.

 

From version 7.2.1 to 7.2.4:

The user will get an error message as shown below when trying to configure the static route with loopback as the gateway interface:

 

[Screenshot of the error message: Loopback-error1.png]

 

Affected use case: a loopback interface may be used as the gateway interface of a static route so that the route can be advertised by BGP using network or redistribute static. This scenario can no longer be configured.

 

Workaround: instead of creating a static route using a loopback interface, create a blackhole route for the same destination. Then, advertise the network in BGP using network or redistribute static.


1) Configure the blackhole route:

GUI:

[Screenshot: loopback-error2.png]

 

CLI:

[Screenshot: loopback-error3.png]

 

2) Advertise this network in BGP:

 

[Screenshot: loopback-error4.png]
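
An added pre-upgrade check, not part of the original article or any Fortinet tooling: this Python example scans a configuration backup for static routes whose gateway interface is a loopback (the entries that are removed on upgrade) and generates the blackhole-route CLI from step 1. It assumes a single-VDOM backup; the sample configuration, its addresses and the helper names are constructed for illustration.

```python
# Constructed single-VDOM backup excerpt (not from the article); helper names are illustrative.
SAMPLE = """\
config system interface
    edit "lo0"
        set type loopback
    next
end
config router static
    edit 1
        set dst 10.10.10.0 255.255.255.0
        set device "lo0"
    next
    edit 2
        set gateway 192.0.2.1
        set device "port1"
    next
end
"""

def parse_tables(text, wanted):
    """Return {table: {entry: {option: [values]}}} for the config tables in `wanted`."""
    tables, stack, entry = {}, [], None
    for line in text.splitlines():
        tok = [t.strip('"') for t in line.split()] or [""]
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))   # nested blocks (e.g. config ipv6) are tracked
        elif tok[0] == "end" and stack:
            stack.pop()
        elif stack and stack[-1] in wanted:
            if tok[0] == "edit":
                entry = tables.setdefault(stack[-1], {}).setdefault(tok[1], {})
            elif tok[0] == "set" and entry is not None:
                entry[tok[1]] = tok[2:]
    return tables

def loopback_static_routes(text):
    """Static routes whose gateway interface ('set device') is a loopback."""
    t = parse_tables(text, {"system interface", "router static"})
    loopbacks = {name for name, opts in t.get("system interface", {}).items()
                 if opts.get("type") == ["loopback"]}
    return {rid: opts for rid, opts in t.get("router static", {}).items()
            if opts.get("device", [""])[0] in loopbacks}

def blackhole_replacement(routes):
    """Workaround CLI ('edit 0' = next free ID); entries without 'set dst' need manual review."""
    out = ["config router static"]
    for opts in routes.values():
        if "dst" in opts:
            out += ["    edit 0", "        set dst " + " ".join(opts["dst"]),
                    "        set blackhole enable", "    next"]
    return "\n".join(out + ["end"])
```

Run `loopback_static_routes()` on the backup text before upgrading, then review the output of `blackhole_replacement()` before applying it and advertising the prefixes in BGP as in step 2.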
