Hello guys!
I'm new here.
Would like to hear some helpful ideas regarding an issue.
I have a Fortigate 100D with FortiOS v5.2.4.
It is set up with spill-over WAN link load balancing, with 2 ISPs connected to the FG.
Now, the problem is that the static route is installed and uninstalled repeatedly.
Any ideas are appreciated.
See below configuration.
FG100Dxxxxxxxxxx # config router static
FG100Dxxxxxxxxxx (static) # show
config router static
    edit 1
        set virtual-wan-link enable
    next
end

FG100Dxxxxxxxxxx # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default
S*      0.0.0.0/0 [10/0] via x.x.x.193, wan1
                  [10/0] via x.x.x.241, wan2
C       x.x.x.192/29 is directly connected, wan1
C       192.168.100.0/24 is directly connected, lan
C       x.x.x.240/29 is directly connected, wan2

FG100Dxxxxxxxxxx # show sy virtual-wan-link
config system virtual-wan-link
    set status enable
    set load-balance-mode usage-based
    config members
        edit 1
            set interface "wan1"
            set gateway x.x.x.193
            set spillover-threshold 10000
            set detect-server "8.8.8.8"
            set detect-failtime 2
            set detect-recoverytime 2
        next
        edit 2
            set interface "wan2"
            set gateway x.x.x.241
            set spillover-threshold 10000
            set detect-server "4.2.2.2"
            set detect-failtime 2
            set detect-recoverytime 2
        next
    end
end
Hi
The problem is static route is installed and uninstalled repeatedly, some return?
I have the same symptoms in my firewall.
Check your WAN links for failures. Did you have upstream pings enabled in 5.0 to check for WAN link status? I had dual WAN links configured for failover in 5.0, but when I upgraded to 5.2 I decided not to tear down all my policies to create the new virtual WAN model. So whenever one of our links goes down long enough to trigger an alert, we now get a notification of static links being uninstalled and then reinstalled every time the WAN link state changes.
Alternatively, you can adjust your fail/recovery times. I bet the route is dropped/added due to missed packets, and "2" is very aggressive imho.
PCNSE
NSE
StrongSwan