Hello everyone,
Can someone explain to me why I can't add two default static routes with the destination 0.0.0.0/0.0.0.0 when there is a default route via a WAN Load Balancing "interface"?
For example, here's my WAN LB configuration:
Here's what the routing table looks like (please disregard the missing gateway):
This is what the new default route should look like:
And here's the error I get when I click OK on the previous screenshot:
This is the system info:
Thank you,
Slavko
NSE 7
All opinions/statements written here are my own.
What does the routing monitor show? Can you perform "show router static" on the CLI to see what entries are listed?
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Sure, here it is:
And this is the routing table:
Please note that this is a test VM which I'm currently using.
NSE 7
All opinions/statements written here are my own.
Try adding the new route via the CLI; if you are able to, I would mark it down as a "bug" or glitch with the GUI or browser compatibility.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
:) Tried that already. Won't let me. When I send the end, it prints out an error message. That's why I'm here. :)
NSE 7
All opinions/statements written here are my own.
slavko wrote:This is odd. What happens if you disable the load-balancing interface(s) first and/or load the config into a text editor, add the route, load it back into the fgt.:) Tried that already. Won't let me. When I send the end, it prints out an error message. That's why I'm here. :)
I am assuming port10 is your backup link? If it's not, I would set the dest IP/mask to the network (mask) used on that interface.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
The WAN Load Balance feature is designed to load-balance outgoing traffic over its member interfaces per ECMP and the load balancing algorithm, so usually a static/default route is required to be configured over wan-load-balance/virtual-wan-link to make ECMP happen.
If another default route were allowed, it may mean one more ECMP route is added, and the FGT will face the dilemma of load balancing between the WAN Load Balance member interfaces or with the one additional interface.
If you just want to add one more backup interface, you can put it into WAN load balance with a different distance or priority setting.
I think this is the design idea.
Hi,
I got the same error too while configuring a route using the device as wan-load-balance. But I already had a default route going out via another connection; when I removed the other default route, I was able to add the route with the device wan load balance. But the problem is that I need the other default route as well, as I have my email etc. going out through this connection.
It may be a bug. I don't know any solution, please.
I think this routing behaviour is by design. Looking at the setup, you have a bundled virtual link which you then point your default route to. As the virtual link knows its gateways, it then passes traffic to these gateways based on what kind of load balancing you apply. You can then use link quality checking to ensure that all is healthy.
I think in the original post instead of 0.0.0.0 in the gateways section of the WAN Link LB you need to have the gateways of the ISP. The default route then needs to point to 'virtual-wan-link'.
This probably explains things better than me:
http://cookbook.fortinet....ernet-connections-520/
Ob
Hello !
I have the same problem with FortiGate 200D OS 5.2.3!! What is the solution?