Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
cravikumar
Staff
Staff

Created on ‎11-26-2024 09:15 AM

Article Id 360047

Troubleshooting Tip: DHCP option 121 static route in the routing-table

Description

This article describes how DHCP option 121 adds a static route in the table and how to remove it.

 

In this scenario, no static routes were configured, yet there are still routes present in the table.

 

Static route:

 

us1.png

 

us2.png

 

Routing table:

 

us3.png

 
Scope FortiGate.
Solution

This is due to DHCP being enabled on port3.

 

us4.png

 

The port3's gateway sends static routes through DHCP option 121. Refer to this link for instructions on how to push static routes from FortiGate when it is acting as a DHCP server.

 

us5.png

 

By default, it has an Administrative distance (AD) value of 5, which is preferred over a manually configured static route with an AD value of 10. Note that lower AD values are preferred.

 

To remove these routes from the table, either disable 'Retrieve default gateway from server' or increase the AD to any value higher than 10 and select 'Renew'.
Labels:
769
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.