Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Portinari
New Contributor

Created on ‎07-12-2024 06:59 PM

The static route does not appear on the Fortinet network dashboard

I am having a problem with a virtualized firewall in EVE-NG. One box does not bring up the static route 0.0.0.0/0 to the internet.

Below is an example of a box with an error. When it is in this state, I cannot communicate with the external IPs I have in the lab.

 

2024-07-12 22 56 25.png

 

Here is an example of a box that has the 0.0.0.0/0 route to the internet and is functioning properly.

2024-07-12 22 57 51.png

 

how is possible enable this option ?

 

 

 

 

Labels:
766
0 Kudos
9 REPLIES 9
AEK
SuperUser
SuperUser

Created on ‎07-13-2024 12:24 AM

Can you share the following:

  • Screenshot of "Network > Static Routes" view
  • get router info routing-table all   (from CLI)
  • Are your WAN interfaces set to DHCP, PPPoE or static?
AEK
AEK
728
0 Kudos
Portinari
New Contributor
In response to AEK

Created on ‎07-15-2024 06:17 PM

Hey of course!

 

Screenshot of "Network > Static Routes" 

 

2024-07-15 22 12 37.png

2024-07-15 22 13 38.png

 

 

  • get router info routing-table all   (from CLI)

2024-07-15 22 15 37.png

 

 

  • Are your WAN interfaces set to DHCP, PPPoE or static?
    No, I am using a lab EVE NG

 

623
0 Kudos
AEK
SuperUser
SuperUser
In response to Portinari

Created on ‎07-16-2024 10:30 AM

Then I guess this is a SD-WAN related issue, not a routing issue.

AEK
AEK
560
0 Kudos
hbac
Staff
Staff

Created on ‎07-13-2024 07:57 AM

Hi @Portinari,

 

Only active routes will show up. Can you make sure you have static routes configured? Are you able to reach the default gateway?

 

Regards, 

694
0 Kudos
Portinari
New Contributor
In response to hbac

Created on ‎07-15-2024 06:19 PM

Hey @hbac 

 

Yes, Iam using in the lab router static end gw

 

2024-07-15 22 12 37.png2024-07-15 22 13 38.png

621
0 Kudos
adimailig
Staff
Staff

Created on ‎07-13-2024 05:35 PM

If the route is inactive it will not show on your routing table.
Possible causes of inactive route are:

  • A static route on an interface with a static IP address is defined where the static IP address is in a different subnet than the default gateway.
  • DHCP interface where the DHCP IP address of the interface is in a different subnet than the default gateway (i.e. due to an incorrectly configured DHCP server).
  • Static routes on any interface configured with a failed link monitor (also known as the link health monitor/gateway detect / dead gateway detection feature).
  • Static route on an IPSec VPN tunnel interface that is down (i.e. Phase 1 is down).
  • Static route on any interface that is configured in Performance SLA with a failed link.

    Reference: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-identify-Inactive-Routes-in-the-Rou...
Best Regards,

Arnold Dimailig
TAC Engineer
674
0 Kudos
Portinari
New Contributor
In response to adimailig

Created on ‎07-15-2024 06:42 PM

Hello, my problem is right on the route.

When you look, it appears as inactive

 

 

2024-07-15 22 40 55.png

 

Why is this happening?

I correctly configured the SDWAN with the internet output

619
0 Kudos
ametkola
Staff
Staff

Created on ‎07-16-2024 03:37 AM

Hello Portinari,

If there are two routes to the same destination, the one with the smaller distance is considered better and used for routing.
The routes with higher distances are inactive and not added to the routing table.
If an interface is down, or FortiGate does not have Layer 2 connectivity to a subnet, that route is also considered inactive and will not be added to the routing table.

You can use the command which displays only the one with the lowest distance (the active one). :

get router info routing-table details x.x.x.x --------- replace the x.x.x.x with the destination IP address.

Regards,

579
0 Kudos
Christian_89
Contributor III

Created on ‎07-16-2024 09:16 AM

Hello

To resolve the issue of the static route not appearing on your virtualized FortiGate in EVE-NG, follow these steps:

Troubleshooting Steps

1.Verify Interface Configuration:
- Ensure the interface used as the gateway is correctly configured and active.

2. Configure the Static Route:
- Check that the static route to 0.0.0.0/0 is properly configured.

3. heck the Routing Table
- Make sure the route appears in the routing table.

4. Administrative Distance and Priority:
- Ensure the administrative distance and priority are set correctly to avoid conflicts with other routes.

5. Debugging and Logs:
- Use debugging and log tools to gather more information.

Detailed Steps

1. Verify Interface Configuration
Ensure that the interface through which traffic should be routed is active.

CLI Command:
show system interface

Check if the interface used as the gateway has an IP address and is active.

2. Configure the Static Route
Ensure that the static route to 0.0.0.0/0 is properly configured.

Web GUI:
1. Go to `Network` > `Static Routes`.
2. Add a new route or edit the existing route to 0.0.0.0/0.
3. Specify the gateway and the corresponding interface.

cli:
config router static
edit 0
set dst 0.0.0.0/0
set gateway <gateway-ip>
set device <interface-name>
next
end

3. Check the Routing Table
Verify if the route appears in the routing table.

CLI Comma
get router info routing-table all
 4. Administrative Distance and Priorit
Ensure the administrative distance is set correctly. A higher administrative distance might prevent the route from being used.

cli
config router static
edit 0
set distance <value>
next
end
 5. Debugging and Log
Use debugging tools to gather more information about why the route is not appearing.

CLI Commands for Debugging
diagnose debug enable
diagnose debug console timestamp enable
diagnose debug application routing -1

Review the logs to find hints on why the route is not activated.

Example Configuration for a Static Route

Here is an example of configuring a static route:
config router static
edit 1
set dst 0.0.0.0/0
set gateway 172.16.1.1
set device port4
next
end

Important Notes

- NAT: Ensure NAT is correctly configured if you need to access the internet from an internal network.
- Firewall Rules: Check that firewall rules allow the traffic that should flow through this route.

By following these steps, you should be able to correctly configure the static route on your FortiGate and ensure it appears in the routing table.

571
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.