Andreas77_FTNT
Article Id 192605

Description

This article describes how to override the administrative distance (AD) and priority of the default route that a FortiGate learns from DHCP.

 

When the 'Retrieve default gateway from server' option is enabled on the DHCP WAN interface, as shown below:

[Image: kb 34.1.png]


Then the DHCP server can send a gateway address with Option 3 (Router) in a DHCP Offer message.

With this, the FortiGate adds the following default route to the routing table:

FGT # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default

Routing table for VRF=0

S*      0.0.0.0/0 [5/0] via 192.168.174.2, port1
 
The default route has a default value of 5 for Administrative Distance (AD) and 1 for priority.
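The Option 3 value mentioned above is what ends up as the gateway of the learned default route. The script below is an added example, not part of the article or of FortiOS: it constructs a sample DHCP Offer options field (the bytes after the magic cookie, as a TLV list) and extracts the router address(es) the server advertises, which is useful when verifying from a capture what gateway the FortiGate will install.

```python
"""Extract Option 3 (Router) from the options field of a DHCP Offer.

Added example, not from the Fortinet article. The Offer bytes below are
constructed here; the gateway value mirrors the article's first routing
table output.
"""
import ipaddress
from typing import Dict, List

DHCP_MAGIC_COOKIE = b"\x63\x82\x53\x63"   # RFC 2132 cookie that starts the options field
OPT_PAD, OPT_SUBNET_MASK, OPT_ROUTER, OPT_MSG_TYPE, OPT_END = 0, 1, 3, 53, 255


def parse_dhcp_options(options: bytes) -> Dict[int, bytes]:
    """Walk the TLV option list that follows the magic cookie.

    Pad (0) has no length byte, End (255) terminates the list, every other
    option is code, length, value. Truncated input raises instead of
    silently returning a partial gateway.
    """
    if not options.startswith(DHCP_MAGIC_COOKIE):
        raise ValueError("missing DHCP magic cookie")
    parsed: Dict[int, bytes] = {}
    i = len(DHCP_MAGIC_COOKIE)
    while i < len(options):
        code = options[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 1 >= len(options):
            raise ValueError("truncated option header")
        length = options[i + 1]
        value = options[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} truncated")
        parsed[code] = value        # a repeated code overwrites the earlier copy
        i += 2 + length
    return parsed


def routers_from_offer(options: bytes) -> List[str]:
    """Return the gateway addresses carried in Option 3, in server order."""
    raw = parse_dhcp_options(options).get(OPT_ROUTER, b"")
    if not raw or len(raw) % 4 != 0:
        return []                   # absent or malformed: nothing to install
    return [str(ipaddress.IPv4Address(raw[j : j + 4])) for j in range(0, len(raw), 4)]


# Constructed sample: DHCPOFFER (message type 2), /24 mask, router 192.168.174.2
SAMPLE_OFFER_OPTIONS = (
    DHCP_MAGIC_COOKIE
    + bytes([OPT_MSG_TYPE, 1, 2])
    + bytes([OPT_SUBNET_MASK, 4, 255, 255, 255, 0])
    + bytes([OPT_ROUTER, 4, 192, 168, 174, 2])
    + bytes([OPT_END])
)

if __name__ == "__main__":
    print(routers_from_offer(SAMPLE_OFFER_OPTIONS))   # ['192.168.174.2']
```

A server may list several routers in Option 3; the function keeps the server's order, and the first entry is the one a client normally installs as its default gateway.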

Before FortiOS v7.0.3, the default priority was 0. From FortiOS v7.0.3, the minimum priority value is 1, so the default priority of routes learned from DHCP is 1.

There are two ways to override the default route settings for the DHCP interface:

Solution 1: Using a static route.

Disable the 'Retrieve default gateway from server' option on the interface, then create a static route with the desired AD and priority and the 'dynamic-gateway' option enabled.

CLI:


config router static
    edit 1
        set distance 3
        set priority 25
        set device "port1"
        set dynamic-gateway enable
    next
end

GUI:

In the GUI, when creating a static route, selecting the DHCP interface under Interface offers the option to set the gateway address to Dynamic:

[Image: kb 34.2.png]

With the dynamic gateway option enabled, the static route's gateway is updated automatically whenever the DHCP-learned gateway changes.

 

Below is the output of the routing table:

FGT # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default

Routing table for VRF=0
S* 0.0.0.0/0 [3/0] via 192.168.254.254, port1, [25/0]


Solution 2: Using the interface configuration.

Edit the distance and priority under the DHCP interface configuration.


config system interface
    edit "port1"
        set vdom "root"
        set mode dhcp
        set distance 3
        set priority 10
        set allowaccess ping https ssh http
        set type physical
        set snmp-index 1
    next
end

Below is the output of the routing table:

FGT # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default

Routing table for VRF=0
S* 0.0.0.0/0 [3/0] via 192.168.254.254, port1, [10/0]
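After applying either solution, the practical check is that the candidate default route in 'get router info routing-table all' carries the intended AD and priority. The script below is an added example, not part of the article or of FortiOS: it parses the three routing-table outputs shown in this article (the DHCP-learned route, Solution 1 and Solution 2) with a regular expression written against the line format visible here, and reports whether the default route matches the expected distance, priority and interface. The treatment of a missing trailing [priority/0] field as the default priority of 1 is an assumption based on the article's statement about FortiOS v7.0.3 and later.

```python
"""Parse 'get router info routing-table all' output and check the default route.

Added example, not part of the Fortinet article and not a FortiOS API.
The sample outputs are copied from the article; the line pattern and the
handling of a missing [priority/0] field are assumptions about the format
shown there.
"""
import re
from typing import Dict, List, Optional

# Matches e.g.:  S* 0.0.0.0/0 [3/0] via 192.168.254.254, port1, [25/0]
ROUTE_RE = re.compile(
    r"^(?P<code>[A-Za-z]+(?:\s[A-Z0-9]{2})?\*?)\s+"      # S*, C, B, O E2 ...
    r"(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+"
    r"\[(?P<distance>\d+)/(?P<metric>\d+)\]\s+via\s+"
    r"(?P<gateway>\d+\.\d+\.\d+\.\d+),\s+"
    r"(?P<interface>[^,\s]+)"
    r"(?:,\s+\[(?P<priority>\d+)/\d+\])?\s*$"            # trailing [priority/0] is optional
)

# Assumption: when no [priority/0] field is printed the route uses the default
# priority, which the article gives as 1 from FortiOS v7.0.3 onward.
DEFAULT_PRIORITY = 1


def parse_routing_table(output: str) -> List[Dict]:
    """Return one dict per 'via' route line; legend and header lines are skipped."""
    routes = []
    for line in output.splitlines():
        m = ROUTE_RE.match(line.strip())
        if not m:
            continue
        routes.append({
            "candidate_default": m["code"].endswith("*"),
            "prefix": m["prefix"],
            "distance": int(m["distance"]),
            "metric": int(m["metric"]),
            "gateway": m["gateway"],
            "interface": m["interface"],
            "priority": int(m["priority"]) if m["priority"] else DEFAULT_PRIORITY,
        })
    return routes


def default_route(routes: List[Dict]) -> Optional[Dict]:
    """First 0.0.0.0/0 entry, or None if no default route was installed."""
    return next((r for r in routes if r["prefix"] == "0.0.0.0/0"), None)


def default_route_matches(output: str, distance: int, priority: int, interface: str) -> bool:
    """True when the installed default route has the expected AD, priority and egress."""
    r = default_route(parse_routing_table(output))
    return (r is not None and r["candidate_default"]
            and r["distance"] == distance
            and r["priority"] == priority
            and r["interface"] == interface)


LEGEND = """Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
* - candidate default

Routing table for VRF=0
"""
# Outputs as printed in the article: learned from DHCP, Solution 1, Solution 2
SAMPLE_LEARNED = LEGEND + "S*      0.0.0.0/0 [5/0] via 192.168.174.2, port1\n"
SAMPLE_STATIC = LEGEND + "S* 0.0.0.0/0 [3/0] via 192.168.254.254, port1, [25/0]\n"
SAMPLE_INTERFACE = LEGEND + "S* 0.0.0.0/0 [3/0] via 192.168.254.254, port1, [10/0]\n"

if __name__ == "__main__":
    for name, text, ad, prio in (("learned", SAMPLE_LEARNED, 5, 1),
                                 ("solution 1", SAMPLE_STATIC, 3, 25),
                                 ("solution 2", SAMPLE_INTERFACE, 3, 10)):
        print(name, default_route(parse_routing_table(text)),
              "OK" if default_route_matches(text, ad, prio, "port1") else "MISMATCH")
```

Feed the function the captured CLI output from a monitoring job and alert when it returns False; a default route that silently reverted to AD 5 / priority 1 after an interface change is exactly the failure this catches.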