Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ciordan
Staff
Staff

Created on ‎09-26-2019 12:23 AM

Technical Tip: Static routes with address objects or groups

Description
This article describes how to configure a static route with address objects or address groups.
Solution
Configure a standard Address with the help of the GUI in Policy&Objects:
Specify the name, type and subnet.

GUI View:





CLI view of the created address object:
Test_Fortigate # sh firewall address Test_range
config firewall address
    edit "Test_range"
        set uuid 1e123290-e041-51e9-b531-e5c4e2980e1a
        set subnet 10.0.0.0 255.255.255.0
    next
end
Test_Fortigate #
Configure a standard Address Group with the help of the GUI in Policy&Objects:
Specify the name and the members.

GUI View:


CLI view of the created address group:
Test_Fortigate # sh firewall addrgrp Test_group
config firewall addrgrp
    edit "Test_group"
        set uuid dd0497ce-e041-51e9-1b4e-bc11d7cc083c
        set member "Test_range"
    next
end
Test_Fortigate #
If a static route is configured with an address object or group as destination, there will be no entries.
Test_Fortigate # conf router static

Test_Fortigate (static) # edit 1
new entry '1' added

Test_Fortigate (1) # set dstaddr
<string>    please input string value

Test_Fortigate (1) # set dstaddr
Enable static route configuration from the GUI or set allow-routing enable from the CLI for the Address object or Address Group:


Test_Fortigate # sh firewall address Test_range
config firewall address
    edit "Test_range"
        set uuid 1e123290-e041-51e9-b531-e5c4e2980e1a
        set allow-routing enable
        set subnet 10.0.0.0 255.255.255.0
    next
end
Test_Fortigate #

Test_Fortigate # sh firewall addrgrp Test_group
config firewall addrgrp
    edit "Test_group"
        set uuid dd0497ce-e041-51e9-1b4e-bc11d7cc083c
        set member "Test_range"
        set allow-routing enable
    next
end
Test_Fortigate #
If static route is configured with an address object or group as destination, there will be available entries:
Test_Fortigate # conf router static
Test_Fortigate (static) # edit 1

Test_Fortigate (1) # set dstaddr
<string>    please input string value
Test_range      address
Test_group      addrgrp

Test_Fortigate (1) # set dstaddr
It is possible to check the configured static route under Network -> Static Routes from the GUI or with show router static from the CLI


Test_Fortigate # sh router static
config router static
    edit 1
        set gateway 192.168.1.1
        set device "wan1"
        set dstaddr "Test_group"
    next
end
Test_Fortigate #

13481
0 Kudos
Contributors

Contact Us