Configuring the static routes
The default (and most commonly used) behavior on FOS is that SD-WAN will not forward traffic over a member without a feasible route. We have already seen this in the previous chapter. In other words: a valid route to the destination must exist via an SD-WAN member for that member to be chosen.
Why do we explicitly set a priority? We want to ensure that port1 is still preferred for Internet access by any traffic that is not handled by SD-WAN. The best example of such traffic is traffic locally originated by the Branch FGT itself (e.g. IKE, FortiGuard, or even a ping that you initiate from the CLI). We want this traffic to always use port1. The default route via port1 has the default priority (0), so we set a higher value (lower preference) on the newly added routes, while still installing them into the routing table.
Note that you cannot use other attributes, such as "distance", for this purpose. A higher distance would result in the new routes not being installed into the routing table at all, which would not solve the original routing caveat for SD-WAN.
To add static routes to the spoke FortiGates:
- Create a CLI template.
- Add the CLI script to the CLI template.
- Install the changes to the FortiGate.
config router static
    edit 21
        set priority 10
        set device "OL_MPLS_21"
    next
    edit 22
        set priority 10
        set device "OL_MPLS_22"
    next
end
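The following is an added model, not FortiGate code and not part of the original page, of why priority works here and distance does not: a static route is only installed when it has the lowest distance for its prefix, whereas priority merely orders the routes that are already installed. The underlay default route is a constructed assumption (a static default via port1 with the FortiOS default static distance of 10 and priority 0), as is the member list.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class StaticRoute:
    dst: str             # prefix; "0.0.0.0/0" is the default route
    device: str          # outgoing interface (SD-WAN member)
    distance: int = 10   # FortiOS default administrative distance for static routes
    priority: int = 0    # FortiOS default priority; a lower value is preferred


def routing_table(routes):
    """Active routing table: per prefix, only the routes with the lowest
    distance are installed (all of them, as equal-cost candidates), and
    those are ordered by priority."""
    by_dst = {}
    for r in routes:
        by_dst.setdefault(r.dst, []).append(r)
    active = {}
    for dst, cands in by_dst.items():
        best = min(r.distance for r in cands)
        active[dst] = sorted((r for r in cands if r.distance == best),
                             key=lambda r: r.priority)
    return active


def preferred_device(active, dst):
    """Interface used by locally originated traffic (IKE, FortiGuard, CLI ping):
    the installed route with the lowest priority value."""
    return active[dst][0].device


def feasible_members(active, dst, members):
    """SD-WAN members that own an installed route to dst and can be chosen."""
    devices = {r.device for r in active.get(dst, [])}
    return [m for m in members if m in devices]


MEMBERS = ["port1", "OL_MPLS_21", "OL_MPLS_22"]            # constructed member list
UNDERLAY = StaticRoute("0.0.0.0/0", "port1")                # assumed: distance 10, priority 0


def scenario(distance, priority):
    """Add the two overlay default routes with the given attributes and report
    (device used by local traffic, SD-WAN members with a feasible route)."""
    routes = [UNDERLAY,
              StaticRoute("0.0.0.0/0", "OL_MPLS_21", distance, priority),
              StaticRoute("0.0.0.0/0", "OL_MPLS_22", distance, priority)]
    active = routing_table(routes)
    return preferred_device(active, "0.0.0.0/0"), feasible_members(active, "0.0.0.0/0", MEMBERS)
```

`scenario(10, 10)` mirrors the CLI script above (default distance, priority 10): port1 stays preferred while all three members are feasible; `scenario(20, 0)` uses distance instead and leaves only port1 installed, so the overlay members can never be selected.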