navellano
Staff
Article Id 371083
Description: This article describes how to mitigate the error 'You cannot have duplicated routes on SD-WAN and non SD-WAN interfaces'.
Scope: FortiGate.
Solution

The error occurs only when there are existing static routes for non-SD-WAN interfaces.

To mitigate the issue, it is recommended to establish a console connection to the FortiGate device first, because all the existing static routes associated with the SD-WAN interfaces need to be deleted. The console connection is required to keep the connection to the FortiGate active while those routes are removed.

This is the actual error:

In GUI:

11.jpg

In the command line:

12.jpg

Delete all of the existing static routes linked with the SD-WAN interfaces:

13.jpg

After these routes are removed, routes on the SD-WAN zone can be added:

In GUI:

14.jpg

In CLI:

15.jpg

The command 'get router info routing-table all' can be executed to verify that the routes have been added to the routing table.
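The procedure above as a CLI sequence, run from the console session. This is an added example, not a copy of the article's screenshots: FortiOS 7.x static route syntax is assumed, and the sequence number 1, the default-route destination and the zone name "virtual-wan-link" are constructed sample values. Lines starting with # are annotations and are not typed.

```text
# 1. List the existing static routes and note the sequence numbers of the
#    routes bound to interfaces that are SD-WAN members.
show router static

# 2. Delete each of those routes (sequence number 1 is a sample value).
config router static
    delete 1
end

# 3. Add the route on the SD-WAN zone instead of on the member interface.
#    "edit 0" creates the entry with the next free sequence number.
config router static
    edit 0
        set dst 0.0.0.0 0.0.0.0
        set sdwan-zone "virtual-wan-link"
    next
end

# 4. Confirm that the route is now in the routing table.
get router info routing-table all
```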
