Fortinet Community

whyouwannaknow · ‎03-11-2021

Hello,

We have reached the maximum number static routes to use on our Fortigate 100E.

The maximum number is 500.

Was I was wondering, if I regroup for example multiple static routes inside a Named Adress base static route (instead of using the subnet directly in the static route) would that clear some space for more static route to use?

I don't know if what I'm asking is really clear, but here is the Fortigate doc of what I would like to do : https://kb.fortinet.com/kb/documentLink.do?externalID=FD46327

If I regroup for example 4 subnet (that goes into the same IPSec VPN) into a group and that I create a static route using that group (instead of creating a static route of each subnet) will the Fortigate unit consider that as a single static route (because I'm using a group as part of the static route) would it still consider it as 4 static routes (even though I used a group for creating this static route).

Thank you in advance for the clarification.

emnoc · ‎03-11-2021

I don't think that would reduce your RIB size. But man a FGT100E and you hit the max? You need a bigger unit imho.

What you could do is aggregated

e.g

192.168.0.0/24

192.168.1.0/24

192.168.2.0/24

192.168.3.0/24

vrs

192.168.0.0/22

You just dropped 3 RIB entries.

So you might need to redesign or pay the penalty and go to maybe a 301E where you have 5K RIB entries imho.

Ken Felix

PCNSE

NSE

StrongSwan

Fortinet Community

Static route limit reached