ssanga
Staff & Editor
Article Id 376928
Description This article describes an issue where a static route or prefix list defaults to 0.0.0.0/0 when an invalid format is used for the 'dst' or 'prefix' fields during configuration via the CLI. Misconfigurations in these fields can lead to unintended routing behavior, potentially affecting network traffic.
Scope FortiGate v7.2.10, v7.4.5, v7.6.0.
Solution

When adding a new static route or prefix list with an invalid 'dst' or 'prefix' format via the CLI, the system defaults to 0.0.0.0/0, which can lead to unintended routing behavior.

  1. When attempting to configure a static route with an invalid 'dst' value, FortiGate sets the destination to 0.0.0.0/0, as shown below:

FGT # config router static
FGT (static) # edit 58
new entry '58' added
FGT (0) # set dst 333.444.555.666/32
invalid ip address
value parse error before '333.444.555.666/32'
Command fail. Return code -8
FGT (0) # set device port10
FGT (0) # set gateway 10.0.6.2
FGT (0) # next
Although the 'set dst' command was rejected, 'next' still commits the entry, so the destination is set to 0.0.0.0/0, which matches all IP addresses.

FGT # show full router static 58
config router static
edit 58
set status enable
set dst 0.0.0.0 0.0.0.0
set gateway 10.0.6.2
set device "port10"
.
next
end

  2. When an invalid 'prefix' is used in a prefix-list rule, the prefix defaults to 0.0.0.0/0:

FGT # config router prefix-list
FGT (prefix-list) # edit 1
new entry '1' added
FGT (1) # config rule
FGT (rule) # edit 1
new entry '1' added
FGT (1) # set prefix 333.444.555.666/32
Invalid ip address
node_check_object fail! for prefix 333.444.555.666/32
value parse error before '333.444.555.666/32'
Command fail. Return code -8
FGT (1) # next
FGT (rule) # show full
config rule
edit 1
set action permit
set prefix 0.0.0.0 0.0.0.0
unset ge
unset le
next
end

This issue has been resolved in FortiOS version 7.6.3.

Workaround:
Add the static route and prefix-list via the GUI instead of the CLI to avoid this misconfiguration.
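As an added example (not part of this article or of FortiOS), the Python below shows two checks an operator who pushes routes from scripts can run on the affected versions: validating a prefix with the standard ipaddress module before it is placed in a 'set dst' or 'set prefix' command, and scanning a 'show full' dump for static routes or prefix-list rules that were silently committed as 0.0.0.0 0.0.0.0. The configuration text is constructed after the output shown above.

```python
import ipaddress
import re

# Constructed sample modelled on the article's 'show full' output (not a real
# device dump). Entry 58 and rule 1/1 fell back to 0.0.0.0/0; entry 59 is fine.
SAMPLE_CONFIG = """\
config router static
    edit 58
        set dst 0.0.0.0 0.0.0.0
        set gateway 10.0.6.2
    next
    edit 59
        set dst 10.10.0.0 255.255.0.0
        set gateway 10.0.6.2
    next
end
config router prefix-list
    edit 1
        config rule
            edit 1
                set prefix 0.0.0.0 0.0.0.0
            next
        end
    next
end
"""
DEFAULT_ROUTE = "0.0.0.0 0.0.0.0"  # how 'show full' prints 0.0.0.0/0

def validate_prefix(text):
    """Return the normalized IPv4 CIDR, or None when it is not a valid network
    (e.g. 333.444.555.666/32); a script must not emit 'set dst' on None."""
    try:
        return str(ipaddress.IPv4Network(text, strict=False))
    except ValueError:
        return None

def find_default_entries(config):
    """Return [(table, entry_path, field)] for each dst/prefix printed as 0.0.0.0 0.0.0.0."""
    hits, table, path = [], None, []
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("config router "):
            table = line.split()[2]  # 'static' or 'prefix-list'
        elif line.startswith("edit "):
            path.append(line.split(None, 1)[1])  # nested edits -> "1/1"
        elif line == "next" and path:
            path.pop()
        else:
            m = re.fullmatch(r"set (dst|prefix) (\S+ \S+)", line)
            if m and m.group(2) == DEFAULT_ROUTE:
                hits.append((table, "/".join(path), m.group(1)))
    return hits
```

Any entry reported by find_default_entries that was not meant to be a default route or a match-all prefix should be reviewed and corrected.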
