Description | This article describes a scenario where the user is trying to configure a default static route via port9 which resides in a different VRF (5) instead of the default VRF. However, upon trying to configure the static route on the CLI, there is no option to specify the VRF.

FG01 # config router static
FG01 # edit 50
FG01 (50) # set
status <----- Enable/disable this static route.
*dst <----- Destination IP and mask for this route.
gateway <----- Gateway IP for this route.
preferred-source <----- Preferred source IP for this route.
distance <----- Administrative distance (1 - 255).
weight <----- Administrative weight (0 - 255).
priority <----- Administrative priority (1 - 65535).
*device <----- Gateway out interface or tunnel.
comment <----- Optional comments.
blackhole <----- Enable/disable black hole.
dynamic-gateway <----- Enable use of dynamic gateway retrieved from a DHCP or PPP server.
sdwan-zone <----- Choose SD-WAN Zone.
dstaddr <----- Name of firewall address or address group.
internet-service <----- Application ID in the Internet service database.
internet-service-custom <----- Application name in the Internet service custom database.
link-monitor-exempt <----- Enable/disable withdrawal of this static route when link monitor or health check is down.
tag <----- Route tag.
bfd <----- Enable/disable Bidirectional Forwarding Detection (BFD).
|
Scope | FortiGate. |
Solution |
To create a static route in a VRF, the interface needs to be in the VRF, and the route needs to reference the VRF through that interface. There is no need to specify the VRF on the route itself:
config system interface
Then the static route should be configured as usual:
After running the below command, the static route should be visible on the routing table:
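The three steps above put together, as an added example that is not taken from the original article: port9, VRF 5 and route ID 50 come from the description, while the gateway 192.0.2.1 is a constructed placeholder. The routing-table command shown is the standard FortiOS one and is an assumption about which command the article used.

```fortios
# Step 1: place the outgoing interface in VRF 5.
# The VRF is an interface property, not a route property.
config system interface
    edit "port9"
        set vrf 5
    next
end

# Step 2: configure the default route as usual.
# The route lands in VRF 5 because its device (port9) belongs to VRF 5.
# 192.0.2.1 is a placeholder gateway; replace it with the real next hop.
config router static
    edit 50
        set dst 0.0.0.0 0.0.0.0
        set gateway 192.0.2.1
        set device "port9"
    next
end

# Step 3: check the routing table and confirm that the default route
# is listed under VRF 5 and not under the default VRF (0).
get router info routing-table all
```

If the route shows up under VRF 0 instead, the interface is still in the default VRF and traffic that was meant to stay in VRF 5 will not use this route.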
|
Copyright 2024 Fortinet, Inc. All Rights Reserved.