SprinteR
New Contributor II

Fortigate static route on the GRE over IPSEC

Hello, we have configured several VPN tunnels between our HQ and Branches. In the configuration we see that our Branches' WAN IP address is recognized by our Fortigate as a Static Route directed to the IPSEC interface. Is this normal behavior, and is it possible to change it?


Oleksandr Pikulskyi
6 REPLIES
spoojary
Staff

Yes, it's normal for firewalls like Fortigate to automatically set up static routes for VPN tunnels based on the WAN IP addresses of your branches. This ensures traffic is properly encrypted and sent through the VPN. You can usually modify or override these routes through your firewall's management interface, but be cautious as changes can affect network connectivity.

Siddhanth Poojary
SprinteR
New Contributor II

@spoojary Hi, thanks for the reply. But I tried to set up one office via a static route towards the WAN. Yes, it overwrote the route, but the connection is lost. Tunnel UP, but traffic stops going.

Oleksandr Pikulskyi
spoojary
Staff

Check the AD distance between WAN and IPsec as well as the priority on the static route. Make it the same and try.

Siddhanth Poojary
SprinteR
New Contributor II

@spoojary I checked; with the same metrics, recursive routing is obtained and the route in the WAN does not always win.


Oleksandr Pikulskyi
SprinteR
New Contributor II

@spoojary Hi, any other ideas? Or workaround solutions? The task is simple: it is impossible to check the internet channel with Zabbix, because it is blocked by the tunnel static.

Oleksandr Pikulskyi
SprinteR
New Contributor II

Hi all, the issue has been resolved with the help of PBR.

Oleksandr Pikulskyi