I am having a problem with a virtualized firewall in EVE-NG. One box does not bring up the static route 0.0.0.0/0 to the internet.
Below is an example of a box with an error. When it is in this state, I cannot communicate with the external IPs I have in the lab.
Here is an example of a box that has the 0.0.0.0/0 route to the internet and is functioning properly.
how is possible enable this option ?
Can you share the following:
Hey of course!
Screenshot of "Network > Static Routes"
Then I guess this is a SD-WAN related issue, not a routing issue.
Hi @Portinari,
Only active routes will show up. Can you make sure you have static routes configured? Are you able to reach the default gateway?
Regards,
If the route is inactive it will not show on your routing table.
Possible causes of inactive route are:
Hello, my problem is right on the route.
When you look, it appears as inactive
Why is this happening?
I correctly configured the SDWAN with the internet output
Hello Portinari,
If there are two routes to the same destination, the one with the smaller distance is considered better and used for routing.
The routes with higher distances are inactive and not added to the routing table.
If an interface is down, or FortiGate does not have Layer 2 connectivity to a subnet, that route is also considered inactive and will not be added to the routing table.
You can use the command which displays only the one with the lowest distance (the active one). :
get router info routing-table details x.x.x.x --------- replace the x.x.x.x with the destination IP address.
Regards,
Hello
To resolve the issue of the static route not appearing on your virtualized FortiGate in EVE-NG, follow these steps:
Troubleshooting Steps
1.Verify Interface Configuration:
- Ensure the interface used as the gateway is correctly configured and active.
2. Configure the Static Route:
- Check that the static route to 0.0.0.0/0 is properly configured.
3. heck the Routing Table
- Make sure the route appears in the routing table.
4. Administrative Distance and Priority:
- Ensure the administrative distance and priority are set correctly to avoid conflicts with other routes.
5. Debugging and Logs:
- Use debugging and log tools to gather more information.
Detailed Steps
1. Verify Interface Configuration
Ensure that the interface through which traffic should be routed is active.
CLI Command:
show system interface
Check if the interface used as the gateway has an IP address and is active.
2. Configure the Static Route
Ensure that the static route to 0.0.0.0/0 is properly configured.
Web GUI:
1. Go to `Network` > `Static Routes`.
2. Add a new route or edit the existing route to 0.0.0.0/0.
3. Specify the gateway and the corresponding interface.
cli:
config router static
edit 0
set dst 0.0.0.0/0
set gateway <gateway-ip>
set device <interface-name>
next
end
3. Check the Routing Table
Verify if the route appears in the routing table.
CLI Comma
get router info routing-table all
4. Administrative Distance and Priorit
Ensure the administrative distance is set correctly. A higher administrative distance might prevent the route from being used.
cli
config router static
edit 0
set distance <value>
next
end
5. Debugging and Log
Use debugging tools to gather more information about why the route is not appearing.
CLI Commands for Debugging
diagnose debug enable
diagnose debug console timestamp enable
diagnose debug application routing -1
Review the logs to find hints on why the route is not activated.
Example Configuration for a Static Route
Here is an example of configuring a static route:
config router static
edit 1
set dst 0.0.0.0/0
set gateway 172.16.1.1
set device port4
next
end
Important Notes
- NAT: Ensure NAT is correctly configured if you need to access the internet from an internal network.
- Firewall Rules: Check that firewall rules allow the traffic that should flow through this route.
By following these steps, you should be able to correctly configure the static route on your FortiGate and ensure it appears in the routing table.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.