FortiWeb
shafiq23
Staff & Editor
Article Id 365339
Description This article discusses default route behavior in the FortiWeb Public Cloud platform and how to modify it according to environment requirements.
Scope FortiWeb-VM Public Cloud platform.
Solution

By default, FortiWeb-VM in the Public Cloud platform uses DHCP mode on port1, so the interface IP address and the gateway route are retrieved from the DHCP server. Normally, port1 is used for management access only and no Internet access is allowed for its subnet.

 

Requirement:
Enforce FortiWeb to use port2 for the default route (Internet).

 

Topology sample (Azure):

Topology.png

In the FortiWeb configuration, a default gateway is added automatically because port1 is in DHCP mode.

 

config system interface
    edit "port1"
        set type physical
        set allowaccess ping ssh snmp http https FWB-manager
        set mode dhcp
        set description Management
        config secondaryip
        end
        config classless_static_route
            edit 1
                set gateway 10.64.1.1    <-----
            next
        end
    next
    edit "port2"
        set type physical
        set ip 10.65.1.2/16
        set allowaccess ping ssh snmp http https FWB-manager
        set description Untrust
        config secondaryip
        end
        config classless_static_route
        end
    next
end

 

The FortiWeb route table shows the DHCP-learned default route via port1 selected for traffic forwarding, even though a static default route has been configured to forward all traffic via port2:

 

config router static
    edit 1
        set gateway 10.65.1.1
        set device port2
    next
end

 

diagnose network route list
0.0.0.0/0(none)->0.0.0.0/0(port1) via 10.64.1.1, pri 5 prot 2 scope 0 <-----
0.0.0.0/0(none)->0.0.0.0/0(port2) via 10.65.1.1, pri 10 prot 0 scope 0

 

To make FortiWeb follow the static route defined in the configuration instead of the DHCP-learned gateway, apply the following CLI commands:

config system network-option
    set route-priority system
end

 

diagnose network route list
0.0.0.0/0(none)->0.0.0.0/0(port2) via 10.65.1.1, pri 10 prot 0 scope 0 <----- Default route via port2 is selected.
0.0.0.0/0(none)->0.0.0.0/0(port1) via 10.64.1.1, pri 15 prot 2 scope 0
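To verify the before/after state without reading the listing by eye, the following script parses the text printed by `diagnose network route list` and reports whether the default route with the best (lowest `pri`) value exits via the intended interface. This is an added example, not Fortinet's own code; it assumes the line format shown in this article and that the lowest `pri` value wins, as the two listings above show. The sample outputs embedded in it are copied from the article's listings.

```python
"""Check which default route a FortiWeb-VM will use for forwarding.

Added example, not Fortinet's own code. It parses the text printed by
"diagnose network route list" in the format shown in this article and reports
whether the best (lowest "pri") default route exits via the intended interface.
Assumptions: the line format matches the article's listings, and the route
with the lowest "pri" value is the one selected, as the before/after listings
in the article show.
"""
import re
from typing import List, NamedTuple, Optional

# One route line, e.g.:
# 0.0.0.0/0(none)->0.0.0.0/0(port1) via 10.64.1.1, pri 5 prot 2 scope 0
# Trailing annotations such as "<-----" are ignored because re.match stops
# after the scope field.
ROUTE_RE = re.compile(
    r"^(?P<src>\S+?)\((?P<srcdev>[^)]*)\)->(?P<dst>\S+?)\((?P<dev>[^)]*)\)"
    r"\s+via\s+(?P<gw>\S+),\s+pri\s+(?P<pri>\d+)\s+prot\s+(?P<prot>\d+)"
    r"\s+scope\s+(?P<scope>\d+)"
)


class Route(NamedTuple):
    dst: str
    device: str
    gateway: str
    priority: int
    protocol: int


def parse_route_table(text: str) -> List[Route]:
    """Return the routes found in the command output, skipping anything else."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m is None:
            continue  # command echo, blank lines, prompts
        routes.append(Route(m["dst"], m["dev"], m["gw"], int(m["pri"]), int(m["prot"])))
    return routes


def selected_default_route(routes: List[Route]) -> Optional[Route]:
    """Pick the default route (0.0.0.0/0) with the lowest priority value.

    On equal priority the first listed route is kept, matching display order.
    """
    defaults = [r for r in routes if r.dst == "0.0.0.0/0"]
    if not defaults:
        return None
    return min(defaults, key=lambda r: r.priority)


def check_default_route(output: str, expected_device: str) -> dict:
    """Report whether the selected default route leaves via expected_device."""
    chosen = selected_default_route(parse_route_table(output))
    if chosen is None:
        return {"ok": False, "device": None, "gateway": None, "priority": None,
                "reason": "no default route present"}
    ok = chosen.device == expected_device
    reason = "" if ok else (
        f"default route exits via {chosen.device} ({chosen.gateway}, pri {chosen.priority}), "
        f"expected {expected_device}"
    )
    return {"ok": ok, "device": chosen.device, "gateway": chosen.gateway,
            "priority": chosen.priority, "reason": reason}


# Sample outputs copied from the listings in this article (before and after
# "set route-priority system"), embedded here so the script runs offline.
BEFORE_FIX = """\
diagnose network route list
0.0.0.0/0(none)->0.0.0.0/0(port1) via 10.64.1.1, pri 5 prot 2 scope 0 <-----
0.0.0.0/0(none)->0.0.0.0/0(port2) via 10.65.1.1, pri 10 prot 0 scope 0
"""

AFTER_FIX = """\
diagnose network route list
0.0.0.0/0(none)->0.0.0.0/0(port2) via 10.65.1.1, pri 10 prot 0 scope 0
0.0.0.0/0(none)->0.0.0.0/0(port1) via 10.64.1.1, pri 15 prot 2 scope 0
"""

if __name__ == "__main__":
    for label, output in (("before", BEFORE_FIX), ("after", AFTER_FIX)):
        result = check_default_route(output, expected_device="port2")
        status = "OK" if result["ok"] else "MISMATCH"
        print(f"{label}: {status} - default via {result['device']} ({result['gateway']}) "
              f"{result['reason']}")
```

Run it against the saved output of `diagnose network route list` from your own appliance (paste it in place of the sample strings) after applying `set route-priority system`; a MISMATCH means the management interface is still carrying the default route.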

 

From v6.3.6, only port1 needs to be in DHCP mode; see:
Configuring Fortiweb VM - Azure

 

For more information about FortiWeb Public Cloud platform deployment:
FortiWeb Public Cloud Deployment Guide