Fortinet Forum
arie12092
New Contributor III

FortiGate Static Route Priority

Hi,

If the FortiGate has 2 default routes but with different priorities, like below:

config router static
    edit 1
        set device wan1
        set gateway 192.168.208.29
        set priority 10
    next
    edit 2
        set device wan1
        set gateway 192.168.208.30
        set priority 20
    next
end

Without the link-monitor configuration, can FortiGate fail over to static route #2 when static route #1 is unreachable?

Thanks

Arie

1 Solution
Toshi_Esumi
Esteemed Contributor II

In your setting, both GWs are from the same vendor/ISP on the wan1 interface. And it's providing the vendor's GW redundancy in case the primary GW device goes down. (I'm assuming those GW devices are not yours.)

Link-monitor can take away static routes only per interface, so it wouldn't work if both are on the same wan1.

To me, you have to have a routing protocol set up with those two GW devices/neighbors to control the default routes. With static default routes, the only thing you can do is that, when you notice lost internet, you would have to remove the primary default route manually.

Toshi


2 REPLIES
gfleming
Staff

No. In this scenario all you can really do is use policy routes to manually steer traffic over the second link.

https://docs.fortinet.com/document/fortigate/7.2.2/administration-guide/360563/dual-internet-connect...

Cheers,
Graham
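
Both replies turn on the two default routes sharing wan1. As an added example (not code from the forum posts or from Fortinet), this Python script parses a `config router static` block in the form shown in the question and lists every interface that carries more than one default route. The wan2 route and its gateway are constructed, and treating a route with no `set dst` as a default route follows the question's own usage.

```python
import shlex
from collections import defaultdict

# Constructed sample: the question's two routes plus a hypothetical route on wan2.
SAMPLE = """
config router static
    edit 1
        set device wan1
        set gateway 192.168.208.29
        set priority 10
    next
    edit 2
        set device wan1
        set gateway 192.168.208.30
        set priority 20
    next
    edit 3
        set device "wan2"
        set gateway 10.0.0.1
    next
end
"""
DEFAULT_DST = {"0.0.0.0 0.0.0.0", "0.0.0.0/0"}

def parse_static_routes(text):
    """Return {route_id: {setting: value}} for a 'config router static' block."""
    routes, current = {}, None
    for line in text.splitlines():
        tok = shlex.split(line) or [""]   # shlex also strips quotes: "wan2" -> wan2
        if tok[0] == "edit" and len(tok) > 1:
            current = routes.setdefault(tok[1], {})
        elif tok[0] == "set" and current is not None and len(tok) >= 3:
            current[tok[1]] = " ".join(tok[2:])
        elif tok[0] in ("next", "end"):
            current = None
    return routes

def shared_interface_defaults(routes):
    """Map device -> sorted [(priority, route_id, gateway)] for every device
    that carries more than one default route (no 'set dst' means 0.0.0.0/0)."""
    by_dev = defaultdict(list)
    for rid, r in routes.items():
        if "device" in r and r.get("dst", "0.0.0.0/0") in DEFAULT_DST:
            # Routes with no explicit priority sort as 0 here (assumption).
            by_dev[r["device"]].append((int(r.get("priority", 0)), rid, r.get("gateway")))
    return {dev: sorted(v) for dev, v in by_dev.items() if len(v) > 1}

if __name__ == "__main__":
    for dev, entries in shared_interface_defaults(parse_static_routes(SAMPLE)).items():
        print(f"{dev}: default routes sharing this interface -> {entries}")
```

For the question's config this reports wan1 with routes 1 and 2, the pair that, per the replies above, link-monitor cannot separate.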