Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
NotMine
Contributor

Created on ‎11-17-2014 12:08 AM

Default routes and WAN Load Balancing

Hello everyone,

 

Can someone explain to me why I can't add two default static routes with the destination 0.0.0.0/0.0.0.0 when there is a default route via a WAN Load Balancing "interface"?

 

For example, here's my WAN LB configuration:

 

 

Here's how the routing table looks like (please disregard the missing gateway):

 

This is how the new default route should look like:

 

 

And here's the error I get when I click OK on the previous screenshot:

 

 

This is the system info:

 

Thank you,

Slavko

NSE 7

All oppinions/statements written here are my own.

NSE 7 All oppinions/statements written here are my own.
16025
0 Kudos
2 Solutions
Dave_Hall
Honored Contributor
In response to NotMine

Created on ‎11-17-2014 06:35 AM

slavko wrote:

:) Tried that already. Won't let me. When I send the end, it prints out an error message. That's why I'm here. :)

This is odd.  What happens if you disable the load-balancing interface(s) first and/or load the config into a text editor, add the route, load it back into the fgt. 

 

I am assuming port10 is your backup link?  If it's not, I would set the dest IP/mask to the network (mask) used on that interface.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

View solution in original post

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
4485
0 Kudos
Jzhang_FTNT
Staff
Staff
In response to NotMine

Created on ‎01-25-2017 11:06 AM

Wan Load Balance feature designed to load balancing outgoing traffic over its member interfaces per ECMP and load balancing algorithm. so usually a static/default required to configured over wan-load-balance/virtual-wan-link to make ECMP happened. 

If another default route allowed, may mean one more ECMP route added, FGT will face the dilemma of load balancing between Wan Load Balance member interfaces or with the one more interface.

if you just want add one more backup interface, you can put it into wan load balance with different distance or priority setting

 

I think this is the design idea.

View solution in original post

4485
0 Kudos
11 REPLIES 11
ede_pfau
SuperUser
SuperUser
In response to Ali_Jassim

Created on ‎02-04-2016 05:27 AM

Same problem, same reason:

There can only be ONE default route per system.

 

And yes, the LLB ports probably needed gateway addresses but that's not the crucial point here.

 

Check your network flow design if you need more than one default route ("route of last resort" - how many "last resorts" are there?).

 

And please, don't yell in posts. If you want to attract attention then please open a post of your own.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
794
0 Kudos
dphills
New Contributor
In response to ede_pfau

Created on ‎12-19-2016 03:31 PM

I am having the same issue.  I need to add a second default route for failover purposes.  The second default route will be at a higher distance.  I'm using the spillover functionality on the WLB, so I would prefer to keep that functionality.  I'm surprised Fortinet hasn't fixed this by now.

791
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.