Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
fback
New Contributor

Created on ‎05-02-2023 10:09 AM

Static routes - Dynamic Gateway error

Hello everyone,

Thanks in advance for taking the time to read.

We changed our ISP 6 months ago and I just saw an error in the "Static routes - IPv4" : 

 

Sans titre.png

 

- New WAN1 as PPOE 

- Use fortiguard DNS servers to get a fortiDDNS domain with the correct static IP

 

the default gateway in the Wan interface : 

 

Capture.JPG

 

I am not an expert (Lets just say I know how subnet are managed but never took the time to understand since my field is geomatics)

 

Would anyone be able to give me an advice as to :

Why the gateway is not in the same subnet as WAN1, if the gateway IP is taken dynamically from the WAN1 connection ?

 

 

Labels:
2740
0 Kudos
1 Solution
msanjaypadma
Staff
Staff

Created on ‎05-02-2023 11:06 AM

Hi @fback ,


As I have understand you are receiving above error in the static route configuration. 

You will receive /32 subnet public ip address from ISP router, they don't provide address range and which contains only single ip address due to which while configuring static route it shows gateway ip address not part of same subnet. 

If you want to add route, you can delete this manual static route entry and enable default route push from server. 

Follow as below in FortiGate:

GUI:
Interfaces -> select <interface/port> and Edit -> enable option “Retrieve default gateway from server” -> Save setting by clicking on “OK”
CLI:
# conf sys interface
#    edit <interface
#        set defaultgw enable
#    end

Note : Make sure you have proper maintenance window while enabling default route from PPPOE server . Administrative distance (AD) for default route from PPPOE server will be 5 in FortiGate.  If your other default route having AD higher than PPPOE then static route will be selected for PPPOE and all traffic will forward to PPPOE link. 

I hope this helps a bit. 

For more details :
https://en.wikipedia.org/wiki/Point-to-Point_Protocol_over_Ethernet

Mayur Padma

View solution in original post

2723
0 Kudos
2 REPLIES 2
msanjaypadma
Staff
Staff

Created on ‎05-02-2023 11:06 AM

Hi @fback ,


As I have understand you are receiving above error in the static route configuration. 

You will receive /32 subnet public ip address from ISP router, they don't provide address range and which contains only single ip address due to which while configuring static route it shows gateway ip address not part of same subnet. 

If you want to add route, you can delete this manual static route entry and enable default route push from server. 

Follow as below in FortiGate:

GUI:
Interfaces -> select <interface/port> and Edit -> enable option “Retrieve default gateway from server” -> Save setting by clicking on “OK”
CLI:
# conf sys interface
#    edit <interface
#        set defaultgw enable
#    end

Note : Make sure you have proper maintenance window while enabling default route from PPPOE server . Administrative distance (AD) for default route from PPPOE server will be 5 in FortiGate.  If your other default route having AD higher than PPPOE then static route will be selected for PPPOE and all traffic will forward to PPPOE link. 

I hope this helps a bit. 

For more details :
https://en.wikipedia.org/wiki/Point-to-Point_Protocol_over_Ethernet

Mayur Padma
2724
0 Kudos
fback
New Contributor

Created on ‎05-02-2023 11:35 AM

Thank you for your help Mayur, it is greatly appreciated.

 

As a surprise, retrieve default gateway from server was already activated. I simply had to delete the static route. It clearly was a lack of maintenance when adding the new ISP couple months ago.


I thought it would fix a problem we have with Ookla speedtests stuck on "Finding optimal servers" but alas, still having problems.

2720
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.