Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

config router static

Network systems maintain route tables to determine where to forward TCP/IP packets. Use this command to configure static routes. Static routes are based on destination IP addresses.

Routes for outbound traffic are chosen according to the following priorities:

  1. Link local routes—Self-traffic uses link local routes.
  2. LLB Link Policy route—Configured policy routes have priority over default routes.
  3. Policy route—Configured policy routes have priority over default routes.
  4. Static route / ISP route / OSPF route—Priority is based on the distance metric. By default, distance for static routes is 10, for ISP routes is 20, and for OSPF routes is 110. The distance metric is configurable for static routes and OSPF routes, but not ISP routes.
  5. Default LLB Link Policy route—Default routes have lower priority than configured routes.
  6. Default static route / OSPF route—Default routes have lower priority than configured routes.

The system evaluates policy routes, then static routes. The packets are routed to the first route that matches. The static route table, therefore, is the one that must include a “default route” to be used when no more specific route has been determined.

Static routes specify the IP address of a next-hop router that is reachable from that network interface. Routers are aware of which IP addresses are reachable through various network pathways, and can forward those packets along pathways capable of reaching the packets’ ultimate destinations. The FortiADC system itself does not need to know the full route, as long as the routers can pass along the packet.

You must configure at least one static route that points to a router, often a router that is the gateway to the Internet. You might need to configure multiple static routes if you have multiple gateway routers, redundant ISP links, or other special routing cases.

Before you begin:

  • You must have read-write permission for system settings.

Syntax

config router static

edit <No.>

set destination <ip&netmask>

set distance <integer>

set gateway <class_ip>

next

end

 

destination

Address/mask notation to match the destination IP in the packet header.

Specify 0.0.0.0/0 or ::/0 to set a default route for all packets.

It is a best practice to include a default route. If there is no other, more specific static route defined for a packet’s destination IP address, a default route will match the packet, and pass it to a gateway router so that any packet can reach its destination.

If you do not define a default route, and if there is a gap in your routes where no route matches a packet’s destination IP address, packets passing through the FortiADC towards those IP addresses will, in effect, be null routed. While this can help to ensure that unintentional traffic cannot leave your FortiADC and therefore can be a type of security measure, the result is that you must modify your routes every time that a new valid destination is added to your network. Otherwise, it will be unreachable. A default route ensures that this kind of locally-caused “destination unreachable” problem does not occur.

distance

The default administrative distance is 10, which makes it preferred to OSPF routes that have a default of 110. We recommend you do not change these settings unless your deployment has exceptional requirements.

gateway

Specify the IP address of the gateway router that can route packets to the destination IP address that you have specified.

Example

FortiADC-VM # config router static

 

FortiADC-VM (static) # edit 1

FortiADC-VM (1) # set gateway 192.168.1.1

FortiADC-VM (1) # end

 

FortiADC-VM # get router static 1

destination : 0.0.0.0/0

gateway : 192.168.1.1

distance : 10

 

 

config router static

Network systems maintain route tables to determine where to forward TCP/IP packets. Use this command to configure static routes. Static routes are based on destination IP addresses.

Routes for outbound traffic are chosen according to the following priorities:

  1. Link local routes—Self-traffic uses link local routes.
  2. LLB Link Policy route—Configured policy routes have priority over default routes.
  3. Policy route—Configured policy routes have priority over default routes.
  4. Static route / ISP route / OSPF route—Priority is based on the distance metric. By default, distance for static routes is 10, for ISP routes is 20, and for OSPF routes is 110. The distance metric is configurable for static routes and OSPF routes, but not ISP routes.
  5. Default LLB Link Policy route—Default routes have lower priority than configured routes.
  6. Default static route / OSPF route—Default routes have lower priority than configured routes.

The system evaluates policy routes, then static routes. The packets are routed to the first route that matches. The static route table, therefore, is the one that must include a “default route” to be used when no more specific route has been determined.

Static routes specify the IP address of a next-hop router that is reachable from that network interface. Routers are aware of which IP addresses are reachable through various network pathways, and can forward those packets along pathways capable of reaching the packets’ ultimate destinations. The FortiADC system itself does not need to know the full route, as long as the routers can pass along the packet.

You must configure at least one static route that points to a router, often a router that is the gateway to the Internet. You might need to configure multiple static routes if you have multiple gateway routers, redundant ISP links, or other special routing cases.

Before you begin:

  • You must have read-write permission for system settings.

Syntax

config router static

edit <No.>

set destination <ip&netmask>

set distance <integer>

set gateway <class_ip>

next

end

 

destination

Address/mask notation to match the destination IP in the packet header.

Specify 0.0.0.0/0 or ::/0 to set a default route for all packets.

It is a best practice to include a default route. If there is no other, more specific static route defined for a packet’s destination IP address, a default route will match the packet, and pass it to a gateway router so that any packet can reach its destination.

If you do not define a default route, and if there is a gap in your routes where no route matches a packet’s destination IP address, packets passing through the FortiADC towards those IP addresses will, in effect, be null routed. While this can help to ensure that unintentional traffic cannot leave your FortiADC and therefore can be a type of security measure, the result is that you must modify your routes every time that a new valid destination is added to your network. Otherwise, it will be unreachable. A default route ensures that this kind of locally-caused “destination unreachable” problem does not occur.

distance

The default administrative distance is 10, which makes it preferred to OSPF routes that have a default of 110. We recommend you do not change these settings unless your deployment has exceptional requirements.

gateway

Specify the IP address of the gateway router that can route packets to the destination IP address that you have specified.

Example

FortiADC-VM # config router static

 

FortiADC-VM (static) # edit 1

FortiADC-VM (1) # set gateway 192.168.1.1

FortiADC-VM (1) # end

 

FortiADC-VM # get router static 1

destination : 0.0.0.0/0

gateway : 192.168.1.1

distance : 10