Static routes - Dynamic Gateway error

fback · ‎05-02-2023

Hello everyone,

Thanks in advance for taking the time to read.

We changed our ISP 6 months ago and I just saw an error in the "Static routes - IPv4" :

- New WAN1 as PPOE

- Use fortiguard DNS servers to get a fortiDDNS domain with the correct static IP

the default gateway in the Wan interface :

I am not an expert (Lets just say I know how subnet are managed but never took the time to understand since my field is geomatics)

Would anyone be able to give me an advice as to :

Why the gateway is not in the same subnet as WAN1, if the gateway IP is taken dynamically from the WAN1 connection ?

msanjaypadma · ‎05-02-2023

Hi @fback ,

As I have understand you are receiving above error in the static route configuration.

You will receive /32 subnet public ip address from ISP router, they don't provide address range and which contains only single ip address due to which while configuring static route it shows gateway ip address not part of same subnet.

If you want to add route, you can delete this manual static route entry and enable default route push from server.

Follow as below in FortiGate:

GUI:
Interfaces -> select <interface/port> and Edit -> enable option “Retrieve default gateway from server” -> Save setting by clicking on “OK”
CLI:
# conf sys interface
# edit <interface
# set defaultgw enable
# end

Note : Make sure you have proper maintenance window while enabling default route from PPPOE server . Administrative distance (AD) for default route from PPPOE server will be 5 in FortiGate. If your other default route having AD higher than PPPOE then static route will be selected for PPPOE and all traffic will forward to PPPOE link.

I hope this helps a bit.

For more details :
https://en.wikipedia.org/wiki/Point-to-Point_Protocol_over_Ethernet

Mayur Padma

View solution in original post

msanjaypadma · ‎05-02-2023

Hi @fback ,

As I have understand you are receiving above error in the static route configuration.

You will receive /32 subnet public ip address from ISP router, they don't provide address range and which contains only single ip address due to which while configuring static route it shows gateway ip address not part of same subnet.

If you want to add route, you can delete this manual static route entry and enable default route push from server.

Follow as below in FortiGate:

GUI:
Interfaces -> select <interface/port> and Edit -> enable option “Retrieve default gateway from server” -> Save setting by clicking on “OK”
CLI:
# conf sys interface
# edit <interface
# set defaultgw enable
# end

Note : Make sure you have proper maintenance window while enabling default route from PPPOE server . Administrative distance (AD) for default route from PPPOE server will be 5 in FortiGate. If your other default route having AD higher than PPPOE then static route will be selected for PPPOE and all traffic will forward to PPPOE link.

I hope this helps a bit.

For more details :
https://en.wikipedia.org/wiki/Point-to-Point_Protocol_over_Ethernet

Mayur Padma

fback · ‎05-02-2023

Thank you for your help Mayur, it is greatly appreciated.

As a surprise, retrieve default gateway from server was already activated. I simply had to delete the static route. It clearly was a lack of maintenance when adding the new ISP couple months ago.

I thought it would fix a problem we have with Ookla speedtests stuck on "Finding optimal servers" but alas, still having problems.