I have an FG 81F that has an IPsec tunnel that is active and capable of routing traffic. I can route traffic through the tunnel via static routes, but even though I have the default route pointed to the tunnel, in the routing table the default route shows up as leaving through the WAN.
Any suggestions?
RTBNRVPN01 (static) # show
config router static
edit 1
set device "BNR-PIT-1"
next
edit 2
set dst 164.52.235.0 255.255.255.224
set device "wan1"
set dynamic-gateway enable
next
edit 3
set dst 4.49.109.32 255.255.255.224
set device "wan1"
set dynamic-gateway enable
next
edit 4
set dst 10.0.0.0 255.0.0.0
set device "BNR-PIT-1"
next
Routing table for VRF=0
S* 0.0.0.0/0 [5/0] via 166.157.249.1, wan1
S 4.49.109.32/27 [10/0] via 166.157.249.1, wan1
S 10.0.0.0/8 [10/0] via 10.172.0.181, BNR-PIT-1
C 10.172.0.181/32 is directly connected, BNR-PIT-1
C 10.172.0.182/32 is directly connected, BNR-PIT-1
C 10.172.97.0/26 is directly connected, internal1
C 10.172.98.0/26 is directly connected, Security
C 10.172.98.64/26 is directly connected, Guest
C 10.172.98.192/27 is directly connected, Vend
C 10.172.98.224/27 is directly connected, Controls
S 164.52.235.0/27 [10/0] via 166.157.249.1, wan1
C 166.157.249.0/24 is directly connected, wan1
The Administrative Distance for the "wan1" static route is lower (5) than the default Administrative Distance of the IPsec VPN static route (10). Only routes with the same AD but same/different Priorities will be shown in the Active Routing Table. Most likely you are able to see this IPsec VPN static route if you have a look at the Database using the command 'get router info routing-table database'.
To fix this, simply lower the AD of the IPsec VPN static route in the configuration.
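The selection rule described in this answer, as an added example that is not part of the original thread: a simplified Python model of lowest-distance route installation followed by longest-prefix lookup, run over the routes from the question. The `Route` class, the function names and the priority value of 0 are assumptions made for illustration; the distances 5 and 10 are the ones the answer cites.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    dst: str           # prefix in CIDR form
    device: str        # egress interface
    distance: int      # administrative distance (lower is preferred)
    priority: int = 0  # assumed tie-breaker among equal-distance routes

def active_routes(candidates):
    """Per prefix, keep only the lowest-distance candidates (others stay in the database)."""
    best = {}
    for r in candidates:
        net = ipaddress.ip_network(r.dst)
        cur = best.get(net)
        if cur is None or r.distance < cur[0].distance:
            best[net] = [r]
        elif r.distance == cur[0].distance:
            cur.append(r)
    return best

def egress(candidates, ip):
    """Longest-prefix match over the active table, then lowest priority."""
    addr = ipaddress.ip_address(ip)
    table = active_routes(candidates)
    matches = [n for n in table if addr in n]
    if not matches:
        return None
    net = max(matches, key=lambda n: n.prefixlen)
    return min(table[net], key=lambda r: r.priority).device

# Candidates from the thread: wan1 default at 5, tunnel default (edit 1) at 10.
THREAD = [
    Route("0.0.0.0/0", "wan1", 5),
    Route("0.0.0.0/0", "BNR-PIT-1", 10),
    Route("10.0.0.0/8", "BNR-PIT-1", 10),
    Route("164.52.235.0/27", "wan1", 10),
    Route("4.49.109.32/27", "wan1", 10),
]

def with_tunnel_distance(candidates, distance):
    """Return a copy with the tunnel's default route set to `distance`."""
    return [Route(r.dst, r.device, distance, r.priority)
            if (r.dst, r.device) == ("0.0.0.0/0", "BNR-PIT-1") else r
            for r in candidates]

if __name__ == "__main__":
    print(egress(THREAD, "8.8.8.8"), egress(with_tunnel_distance(THREAD, 4), "8.8.8.8"))
```

With the tunnel default at distance 4, Internet-bound traffic egresses via BNR-PIT-1 while the two /27 routes to wan1 still win on prefix length, which keeps the tunnel's own underlay reachable.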
Copyright 2023 Fortinet, Inc. All Rights Reserved.