FortiGate
Article Id 198234

Description

 

This article explains how to configure a FortiGate device to select a particular route when two or more static and/or dynamic routes to the same destination are present in the FortiGate routing table.

 

Scope

 

FortiGate.

 

Solution

 

FortiGate maintains its routing information in two tables: RIB and FIB.

 

RIB: The routing information base is a routing table containing active, static, connected, and dynamic routes.

FIB: The forwarding information base is the routing table from the kernel's point of view.

 

The commands (and associated outputs) below show the information via the Command Line:

 

get router info routing-table all  

 

FGT_3 (root) # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
V - BGP VPNv4
* - candidate default

Routing table for VRF=0
S* 0.0.0.0/0 [10/0] via 172.25.183.1, wan1, [1/0]
C 10.80.90.0/24 is directly connected, TestSSID
C 10.253.240.0/20 is directly connected, wqt.root
C 169.254.1.1/32 is directly connected, FGT_Dialup
C 172.25.183.0/24 is directly connected, wan1

 

get router info routing-table static

 

FGT_3 (root) # get router info routing-table static
Routing table for VRF=0
S* 0.0.0.0/0 [10/0] via 172.25.183.1, wan1, [1/0]

 

get router info routing-table database  

 

FGT_3 (root) # get router info routing-table database
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
V - BGP VPNv4
> - selected route, * - FIB route, p - stale info

Routing table for VRF=0
S *> 0.0.0.0/0 [10/0] via 172.25.183.1, wan1, [1/0]
C *> 10.80.90.0/24 is directly connected, TestSSID
C *> 10.253.240.0/20 is directly connected, wqt.root
C *> 169.254.1.1/32 is directly connected, FGT_Dialup
C *> 172.25.183.0/24 is directly connected, wan1

 

get router info routing-table connected

 

FGT_3 (root) # get router info routing-table connected
Routing table for VRF=0
C 10.80.90.0/24 is directly connected, TestSSID
C 10.253.240.0/20 is directly connected, wqt.root
C 169.254.1.1/32 is directly connected, Z3_Dialup
C 172.25.183.0/24 is directly connected, wan1

 

get router info kernel

 

FGT_3 (root) # get router info kernel
tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.20.30.0/32 pref=10.20.30.5 gwy=0.0.0.0 dev=7(dmz)
tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.20.30.5/32 pref=10.20.30.5 gwy=0.0.0.0 dev=7(dmz)
tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.20.30.255/32 pref=10.20.30.5 gwy=0.0.0.0 dev=7(dmz)
tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.80.90.0/32 pref=10.80.90.1 gwy=0.0.0.0 dev=27(TestSSID)
tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.80.90.1/32 pref=10.80.90.1 gwy=0.0.0.0 dev=27(TestSSID)
tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.80.90.255/32 pref=10.80.90.1 gwy=0.0.0.0 dev=27(TestSSID)
tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.125.124.0/32 pref=10.125.124.3 gwy=0.0.0.0 dev=29(vlantest)
tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.125.124.3/32 pref=10.125.124.3 gwy=0.0.0.0 dev=29(vlantest)
tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.125.124.255/32 pref=10.125.124.3 gwy=0.0.0.0 dev=29(vlantest)
tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.253.240.0/32 pref=10.253.255.254 gwy=0.0.0.0 dev=26(wqt.root)
tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.253.255.254/32 pref=10.253.255.254 gwy=0.0.0.0 dev=26(wqt.root)
tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.253.255.255/32 pref=10.253.255.254 gwy=0.0.0.0 dev=26(wqt.root)
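
As an added example (not Fortinet's code and not part of the original article), the Python below parses the output of get router info routing-table database and reports, for every destination with more than one candidate route, which next hop is installed in the FIB and which exists only in the RIB. The sample text is constructed: the wan2 route via 192.0.2.1 is an invented standby entry, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# One route line of `get router info routing-table database`:
# <code> [flags] <prefix> then "[distance/metric] via <gw>, <dev>" or
# "is directly connected, <dev>". Flags: '>' selected, '*' FIB, 'p' stale.
ROUTE_RE = re.compile(
    r"^(?P<code>[A-Za-z][A-Za-z0-9]?)\s+(?P<flags>[*>p]*)\s*"
    r"(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+"
    r"(?:\[(?P<dist>\d+)/\d+\]\s+via\s+(?P<gw>[\d.]+),\s*(?P<dev>[^,\s]+)"
    r"|is directly connected,\s*(?P<cdev>\S+))"
)

# Constructed sample. The wan1 and connected lines follow the article's output;
# the unflagged wan2 route (192.0.2.1, distance 20) is invented for the example.
SAMPLE = """\
> - selected route, * - FIB route, p - stale info

Routing table for VRF=0
S    *> 0.0.0.0/0 [10/0] via 172.25.183.1, wan1, [1/0]
S       0.0.0.0/0 [20/0] via 192.0.2.1, wan2, [1/0]
C    *> 172.25.183.0/24 is directly connected, wan1
"""

def parse_database(text):
    """Return one dict per route line; legend and header lines are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            routes.append({
                "code": m["code"], "prefix": m["prefix"], "gateway": m["gw"],
                "device": m["dev"] or m["cdev"],
                "distance": int(m["dist"]) if m["dist"] else None,
                "selected": ">" in m["flags"], "in_fib": "*" in m["flags"],
            })
    return routes

def contested_prefixes(routes):
    """Map each prefix with 2+ candidates to its FIB and RIB-only next hops."""
    by_prefix = defaultdict(list)
    for r in routes:
        by_prefix[r["prefix"]].append(r)
    return {
        p: {"fib": [(c["device"], c["distance"]) for c in cands if c["in_fib"]],
            "rib_only": [(c["device"], c["distance"]) for c in cands if not c["in_fib"]]}
        for p, cands in by_prefix.items() if len(cands) > 1
    }

if __name__ == "__main__":
    for prefix, view in contested_prefixes(parse_database(SAMPLE)).items():
        print(prefix, view)
```

Comparing the report against the intended design shows when traffic for a destination is leaving through an interface other than the one the firewall policies were written for.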

 

A step-by-step guide to achieving this setup is provided in Technical Tip: Routing behavior depending on distance and priority for static routes, and Policy Bas....