Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
blason
New Contributor

Created on ‎12-27-2017 06:22 AM

Can we roll out 5000 null routes at a moment?

Hi Guys,

 

I need to know if we can roll out or script bulk routing. That is I need to add certain malicious IPs may be 5000/6000 in numbers and need to add null route for those to block.

2872
0 Kudos
2 REPLIES 2
ede_pfau
SuperUser
SuperUser

Created on ‎12-28-2017 03:15 AM

hi,

 

that depends on your hardware and the version of FortiOS used.

For example, http://help.fortinet.com/fgt/54/max-values/5-4-6/max-values.html shows the hardcoded limits for "static routes" as 500 for a 100D, 10.000 for a 600D. Same limits apply for FOS v5.6.3 (but this is not always the case).

 

You can check the currently implemented value on your hardware as well.

Type "print tablesize" in the CLI, and look for the line containing "router.static". 'grep' unfortunately doesn't work in this context.

 

Using (and maintaining!) 5.000 blackhole routes is cumbersome to say the least. Why not trust FortiGuard botnet and malicious sites' IP lists which are updated continuously?

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
1407
0 Kudos
emnoc
Esteemed Contributor III
In response to ede_pfau

Created on ‎12-28-2017 07:47 AM

Agreed, managing   BH-routes or address group is not  effective.

 

Ken

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
1407
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.