Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
n00b
New Contributor

Static route is added/removed very frequently!

Hello guys!

 

I'm new here.

Would like to hear some helpful ideas regarding an issue.

I have Fortigate 100D with FortiOS v5.2.4

It is set up with spill-over wan link load balance with 2 ISP connected to FG.

 

Now, the problem is static route is installed and uninstalled repeatedly.

Any ideas is appreciated.

 

See below configuration.

FG100Dxxxxxxxxxx # config router static FG100Dxxxxxxxxxx (static) # show config router static     edit 1         set virtual-wan-link enable     next end

FG100Dxxxxxxxxxx # get router info routing-table all Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP        O - OSPF, IA - OSPF inter area        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2        E1 - OSPF external type 1, E2 - OSPF external type 2        i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area        * - candidate default S*      0.0.0.0/0 [10/0] via x.x.x.193, wan1                   [10/0] via x.x.x.241, wan2 C       x.x.x.192/29 is directly connected, wan1 C       192.168.100.0/24 is directly connected, lan C       x.x.x.240/29 is directly connected, wan2

 

FG100Dxxxxxxxxxx # show sy virtual-wan-link config system virtual-wan-link     set status enable     set load-balance-mode usage-based         config members             edit 1                 set interface "wan1"                 set gateway x.x.x.193                 set spillover-threshold 10000                 set detect-server "8.8.8.8"                 set detect-failtime 2                 set detect-recoverytime 2             next             edit 2                 set interface "wan2"                 set gateway x.x.x.241                 set spillover-threshold 10000                 set detect-server "4.2.2.2"                 set detect-failtime 2                 set detect-recoverytime 2             next         end end

3 REPLIES 3
ismael_rodrigues
New Contributor

Hi

The problem is static route is installed and uninstalled repeatedly, some return?

 

I have the same symptoms in my firewall.

 

bobm

Check you WAN links for failures. Did you have upstream pings enabled in 5.0 to check for WAN link status?  I had dual WAN links configured for failover in 5.0, but when I upgraded to 5.2 I decided not to tear down all my policies to create the new virtual WAN model.  So whenever one of our links goes down long enough to trigger an alert, we now get a notification of static links being uninstalled and then reinstalled every time the WAN link state changes.

emnoc
Esteemed Contributor III

Alternatively you can adjust your fail/recovery times. I bet the  route is drop/add due to miss packets and  "2" is very aggressive imho

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Labels
Top Kudoed Authors