This article describes the limitations in using a loopback as a gateway interface for static routes.
FortiGate v7.2.1 to FOS 7.2.4.
Solution
Changes in default behavior:
Loopback interfaces are no longer allowed to be configured as gateway interfaces on static routes. Upon upgrade, static route configurations with loopbacks as gateway interfaces will be removed.
Version 7.2.0 and below:
Configuring Static Route with Loopback as a gateway interface is allowed.
From version 7.2.1 to 7.2.4:
The user will get an error message as shown below when trying to configure the static route with loopback as the gateway interface:
Affected use case: a loopback interface may be used in a static route so that the route can be advertised by BGP using network or redistribute static. This scenario can no longer be configured.
Workaround: instead of creating a static route using a loopback interface, create a blackhole route for the same destination. Then, advertise the network in BGP using network or redistribute static.
1) Configure the blackhole route:
GUI:
CLI:
2) Advertise this network in BGP:
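Added example, not part of the original article or Fortinet's own tooling: a pre-upgrade audit that scans a configuration backup for static routes whose device is a loopback interface (the entries removed on upgrade) and drafts blackhole replacements for review. The function names and the sample configuration are constructed for illustration; it assumes a non-VDOM backup with single-line option values.

```python
import shlex

# Constructed sample of a non-VDOM FortiOS config backup (not from the article).
SAMPLE = '''config system interface
    edit "lo-bgp"
        set type loopback
    next
end
config router static
    edit 1
        set gateway 192.0.2.1
        set device "wan1"
    next
    edit 2
        set dst 10.10.0.0 255.255.0.0
        set device "lo-bgp"
    next
end
'''

def parse_tables(text, wanted):
    """Collect {section: {entry: {option: [values]}}} for top-level sections."""
    tables, path, entry = {}, [], None
    for line in text.splitlines():
        tok = shlex.split(line) or [""]   # blank lines match no branch below
        if tok[0] == "config":
            path.append(" ".join(tok[1:]))
        elif tok[0] == "end" and path:
            path.pop()
        elif len(path) == 1 and path[0] in wanted:  # ignore nested sub-tables
            if tok[0] == "edit":
                entry = tables.setdefault(path[0], {}).setdefault(tok[1], {})
            elif tok[0] == "set" and entry is not None:
                entry[tok[1]] = tok[2:]
    return tables

def loopback_static_routes(text):
    """Return (route_id, device, dst) for static routes whose device is a loopback."""
    t = parse_tables(text, {"system interface", "router static"})
    loops = {n for n, o in t.get("system interface", {}).items() if o.get("type") == ["loopback"]}
    return [(rid, o["device"][0], " ".join(o.get("dst", ["0.0.0.0", "0.0.0.0"])))
            for rid, o in t.get("router static", {}).items()
            if (o.get("device") or [""])[0] in loops]

def blackhole_stanza(routes):
    """Draft blackhole routes for the same destinations, per the workaround above."""
    body = [f"    edit {rid}\n        set dst {dst}\n        set blackhole enable\n    next"
            for rid, _dev, dst in routes]
    return "\n".join(["config router static", *body, "end"])
```

Calling `blackhole_stanza(loopback_static_routes(backup_text))` on a 7.2.0-or-earlier backup lists what the upgrade would drop; the drafted entries reuse the original route IDs, so review them before applying.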