Description | This article describes the behavior of self-generated traffic in FortiGate devices with regard to Virtual Routing and Forwarding (VRF) instances. It outlines how FortiGate selects routes when multiple paths to a specific destination exist through different VRFs. |
Scope | FortiOS. |
Solution |
Route Selection Behavior:
When a FortiGate has multiple paths to reach a specific destination IP address via different VRFs, it follows a defined selection process. The device will always choose the route associated with the lowest VRF number.
Example Scenario:
To illustrate this behavior, consider the following example where the FortiGate needs to reach the DNS server IP address '8.8.8.8'. The routing tables indicate that there are two available paths:
In this case, the FortiGate will select the route via 'Port1' (VRF 11) since it has the lower VRF number.
Routing Table Output:
The following command can be used to check the routing details for the destination IP address:
get router info routing-table details 8.8.8.8 <- The output will display the routing entries for both VRFs.
Routing table for VRF=11
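As an added example (not Fortinet's code), the Python sketch below parses output in the layout of the command above and applies the article's lowest-VRF rule to predict which VRF and interface self-generated traffic will use. The sample output is constructed: VRF 11 and port1 come from the article, while VRF 20, port2 and the gateway addresses are assumptions, and only static next-hop lines of the form shown are handled.

```python
import re

# Constructed sample in the layout of 'get router info routing-table details <ip>'.
# VRF 11 / port1 come from the article; VRF 20, port2 and the gateways are
# made-up values for illustration.
SAMPLE_OUTPUT = '''
Routing table for VRF=20
Routing entry for 0.0.0.0/0
  Known via "static", distance 10, metric 0, best
  * 192.0.2.1, via port2

Routing table for VRF=11
Routing entry for 0.0.0.0/0
  Known via "static", distance 10, metric 0, best
  * 198.51.100.1, via port1
'''

VRF_RE = re.compile(r"^Routing table for VRF=(\d+)\s*$")
HOP_RE = re.compile(r"^\s*\*\s+(\S+?),?\s+via\s+(\S+?),?\s*$")


def parse_vrf_routes(text):
    """Return {vrf_id: [(gateway, interface), ...]} for active ('*') next hops."""
    routes, vrf = {}, None
    for line in text.splitlines():
        m = VRF_RE.match(line)
        if m:
            vrf = int(m.group(1))
            continue
        m = HOP_RE.match(line)
        if m and vrf is not None:
            routes.setdefault(vrf, []).append((m.group(1), m.group(2)))
    return routes


def expected_local_out(text):
    """Apply the article's rule: the route in the lowest-numbered VRF wins."""
    routes = parse_vrf_routes(text)
    if not routes:
        return None  # no VRF has a route to the destination
    vrf = min(routes)
    return {
        "vrf": vrf,
        "next_hops": routes[vrf],
        # Other VRFs that also hold a path; worth reviewing if self-generated
        # traffic (DNS, logging, updates) is meant to leave through one of them.
        "other_vrfs": sorted(v for v in routes if v != vrf),
    }
```

The `other_vrfs` field flags destinations that are reachable through more than one VRF, which is the situation where the lowest-VRF rule decides the egress path.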
Packet Sniffer Output:
To observe the traffic flow, the sniffer command below can be used. The command output confirms that the FortiGate is routing traffic through the selected interface (port1):
|
Copyright 2024 Fortinet, Inc. All Rights Reserved.