[FortiGate] How to configure a static route

Work environment

  • FortiGate 60E
    • version 7.0.1

Configure a static route in GUI

Open the [Network > Static Routes] screen and click [Create New].

The New Static Route screen is displayed.

For Destination, select Subnet and enter the destination network address and subnet mask.
The subnet mask can be expressed as a prefix length (for example, 10.20.30.0/24).

Then enter the Gateway Address. The Gateway Address is the next-hop address.
When you enter the Gateway Address, the output interface is automatically detected and displayed in the Interface column.

Click OK when you are done.

Confirm that the static route has been added to the static routes screen.

The configuration is complete.

Configure a static route in CLI

In the CLI, static routes are configured under config router static.

The static route created in the GUI example above appears in the CLI configuration as follows.

FTG60E # show full-configuration router static
config router static
    edit 1
        set status enable
        set dst 10.20.30.0 255.255.255.0
        set gateway 192.168.179.2
        set distance 10
        set weight 0
        set priority 0
        set device "wan1"
        set comment ''
        set blackhole disable
        set dynamic-gateway disable
        set link-monitor-exempt disable
        set bfd disable
    next
end

The part from edit 1 to next corresponds to one static route.

In general, the items that need to be explicitly configured are:

  • edit number: ID of the route; use a number that is not already in use.
  • set dst: Destination
  • set gateway: Gateway Address
  • set device: Interface

Change other items from the default values as needed.

Check the routing table

Run the get router info routing-table all command to display the routing table.

FTG60E # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default

Routing table for VRF=0
S*      0.0.0.0/0 [5/0] via 192.168.179.2, wan1
C       10.10.10.0/24 is directly connected, dmz
S       10.20.30.0/24 [10/0] via 192.168.179.2, wan1
C       192.168.179.0/24 is directly connected, wan1

You can also see the routing table on the [Dashboard > Network > Static & Dynamic Routing Card] screen of the GUI.
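
The check above can be automated when reviewing saved command output. The following Python is an added example, not part of the original article or any Fortinet tool: it parses both outputs and lists enabled static routes that are not installed as configured. The function names are hypothetical, the sample text is abridged from the outputs above, and it assumes the first number in brackets is the distance and that an unset distance is 10.

```python
import ipaddress
import re

# Constructed sample input, abridged from the two command outputs shown above.
CONFIG = """\
config router static
    edit 1
        set status enable
        set dst 10.20.30.0 255.255.255.0
        set gateway 192.168.179.2
        set distance 10
        set device "wan1"
    next
end
"""
ROUTING_TABLE = """\
S*      0.0.0.0/0 [5/0] via 192.168.179.2, wan1
C       10.10.10.0/24 is directly connected, dmz
S       10.20.30.0/24 [10/0] via 192.168.179.2, wan1
C       192.168.179.0/24 is directly connected, wan1
"""

def parse_static_config(text):
    """Return {edit_id: {setting: value}} for each 'edit N' block."""
    routes, current = {}, None
    for words in map(str.split, text.splitlines()):
        if words[:1] == ["edit"]:
            current = routes.setdefault(int(words[1]), {})
        elif words[:1] == ["set"] and current is not None:
            current[words[1]] = " ".join(words[2:]).strip("\"'")
    return routes

def parse_routing_table(text):
    """Return {(prefix, gateway, device): distance} for static (S) entries."""
    pat = re.compile(r"^S\*?\s+(\S+) \[(\d+)/\d+\] via (\S+), (\S+)")
    return {(m[1], m[3], m[4]): int(m[2])
            for m in map(pat.match, text.splitlines()) if m}

def missing_routes(config_text, table_text):
    """List (edit_id, prefix) of enabled routes not installed as configured."""
    table, missing = parse_routing_table(table_text), []
    for rid, r in sorted(parse_static_config(config_text).items()):
        if r.get("status", "enable") != "enable" or "dst" not in r:
            continue
        # "10.20.30.0 255.255.255.0" -> 10.20.30.0/24, the routing-table form
        net = ipaddress.ip_network(r["dst"].replace(" ", "/"))
        key = (str(net), r.get("gateway"), r.get("device"))
        if table.get(key) != int(r.get("distance", 10)):  # assumed default: 10
            missing.append((rid, str(net)))
    return missing
```

An empty list from missing_routes(CONFIG, ROUTING_TABLE) means every enabled static route is present in the routing table with the configured gateway, interface and distance.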

