FortiGate
ppatel
Staff
Article Id 198884

 

Description This article describes how to configure VRF (virtual routing and forwarding) IDs directly on the interface from the GUI.
Scope Versions 6.0 and 6.2 support VRF configuration only through the CLI. Version 6.4.2 and later add it to the GUI.
Solution

The VRF IDs can be displayed in the routing monitor and can be used to create black hole static routes. 
VRF allows multiple routing table instances to co-exist on the same router. 
One or more interfaces have a VRF, and packets are only forwarded between interfaces with the same VRF. 
 
Enable Advanced Routing in System -> Feature Visibility to use this feature. 
 
1). Configure a VRF ID from the GUI.
 
Configure the interface: 
 
- Go to Network -> Interfaces, select 'Create New Interface'. 
- Enter a value in the VRF ID field. 
- Configure the other settings as needed. 
- Select 'OK'. 
 


 

2). Add a Blackhole static route using the VRF ID. 

 

- Go to Network -> Static Routes and select 'Create New'.
- Enter the subnet.
- In the Interface field, select 'Blackhole'.
- In the VRF ID field, enter the ID you created under Step 1.
- Select 'OK'.

 


CLI Configuration. 
 
1). Configure the interface. 

 

# config system interface
    edit test_interface
    ...
        set vrf 14
    next
end

 

2). Add a Blackhole static route using the VRF ID. 

 

# config router static
    edit 3
        set dst 8.8.8.8 255.255.255.255
        set blackhole enable
        set vrf 14
    next
end

  

There is no need to assign VRF 14 in the static route configuration for “test_interface”. All routes relating to interface “test_interface” are automatically isolated to the VRF 14 routing table.

However, a blackhole static route in VRF 14 must specify VRF 14 in the static route configuration, because a blackhole route is never bound to any interface.
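An added example, not part of the original article: a small Python check over an exported configuration that lists blackhole static routes with no `set vrf` while interfaces use a non-zero VRF. It assumes a route without `set vrf` falls into VRF 0; the sample configuration and the function names are constructed for illustration.

```python
# Constructed sample configuration for illustration (not from the article).
SAMPLE_CONFIG = """
config system interface
    edit "test_interface"
        set vrf 14
    next
end
config router static
    edit 3
        set dst 8.8.8.8 255.255.255.255
        set blackhole enable
        set vrf 14
    next
    edit 4
        set dst 192.0.2.0 255.255.255.0
        set blackhole enable
    next
end
"""

def parse_sections(text):
    """Parse top-level config blocks into {section: {entry: {key: value}}}."""
    sections, section, entry, depth = {}, None, None, 0
    for raw in text.splitlines():
        tok = [t.strip('"') for t in raw.split()] or [""]
        if tok[0] == "config":
            depth += 1
            if depth == 1:
                section = sections.setdefault(" ".join(tok[1:]), {})
        elif tok[0] == "end":
            depth -= 1
            if depth == 0:
                section = entry = None
        elif depth == 1 and tok[0] == "edit":
            entry = section.setdefault(tok[1], {})
        elif depth == 1 and tok[0] == "set" and entry is not None:
            entry[tok[1]] = " ".join(tok[2:])
        elif depth == 1 and tok[0] == "next":
            entry = None
    return sections

def blackholes_without_vrf(sections):
    """Blackhole routes lacking 'set vrf' while interfaces use non-zero VRFs."""
    ifaces = sections.get("system interface", {}).values()
    routes = sections.get("router static", {}).items()
    if not any(i.get("vrf", "0") != "0" for i in ifaces):
        return []  # no VRF separation configured, nothing to flag
    return [(rid, r.get("dst")) for rid, r in routes
            if r.get("blackhole") == "enable" and "vrf" not in r]
```

Calling `blackholes_without_vrf(parse_sections(SAMPLE_CONFIG))` reports route 4, the blackhole that was probably meant for VRF 14 but carries no `set vrf`.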

 

Command to check the routing tables of all VRFs:

# get router info routing-table all

  

Command to check specific VRF routing table: 

 

# get router info routing-table all vrf <VRF_ID> 

# get router info routing-table all vrf 14 

# get router info routing-table all vrf 0 

 

Command to check specific VRF routing table database: 

 

# get router info routing-table database vrf <VRF_ID> 

# get router info routing-table database vrf 14 

# get router info routing-table database vrf 0 

 

Likewise, if OSPF is configured on an interface in a VRF, verify the OSPF routes for that VRF using:

 

# get router info routing-table ospf vrf <VRF_ID>

 

 
