Fortinet black logo

CLI Reference

config router setting

config router setting

Use this command to change basic routing settings. However, the default settings are recommended for most deployments.

Before you begin:

  • You must have read-write permission for system settings.

Syntax

config router setting

set rt-cache-strict {enable | disable}

set rt-cache-reverse {enable | disable}

set rt-best-match {enable | disable}

set ip-forward {enable | disable}

set ip6-forward {enable | disable}

set icmp-redirect-send {enable | disable}

set ip-forward-use-pmtu {enable | disable}

set layer4-vs-ignore-df {enable | disable}

config rt-cache-reverse-exception

edit <No.>

set ip-netmask <ip&netmask>

next

end

end

rt-cache-strict

Enable it when you want to send reply packets only via the same interface that received the request packets. When enabled, source interface becomes part of the matching tuple FortiADC uses to identify sessions, so reply traffic is forwarded from the same interface that received the traffic. Normally each session is identified by a 5-tuple: source IP, destination IP, protocol, source port, and destination port.

Disabled by default.

rt-cache-reverse

When enabled, forwards reply packets to the ISP link that forwarded the corresponding request packet. Enabled by default.

When not enabled, forwards all packets based on the results of routing lookup.

The rt-cache-reverse function is useful when your site gets traffic routed to it from multiple ISP links.

Note: FortiADC does not support IPv6 traffic reverse path route caching.

rt-best-match

Ignore the route type. The route with the longest prefix will be selected. Must restart for change to take effect. Disabled by default.

ip-forward

Enabled by default. Do not disable under normal circumstances.

If disabled, functions related to routing, like link load balancing, static routing, policy routing, and OSPF routing cannot function.

ip6-forward

Enabled by default. Do not disable under normal circumstances.

If disabled, functions related to routing, like link load balancing, static routing, policy routing, and OSPF routing cannot function.

icmp-redirect-send

When enabled, the icmp redirect package will be sent to the sender if the packet is being routed suboptimally so that the subsequent packets forward through a different gateway. Disabled by default.

ip-forward-use-pmtu

Forward package use path mtu. Path mtu is the mtu between two hosts. Can be used to avoid IP fragmentation. Disabled by default.

layer4-vs-ignore-df

Does not fragment layer4 vs packages. Disabled by default.

config rt-cache-reverse-exception

ip-netmask

If rt-cache-reverse is enabled, you can specify source IP addresses that should be handled differently. Specify a subnet IP address and netmask for each exception. For example, if you configure an exception for 192.168.1.0/24, FortiADC will not maintain a pointer to the ISP for traffic from source 192.168.1.18. Reply packets will be forwarded based on the results of routing lookup.

Example

FortiADC-VM # config router setting

FortiADC-VM (setting) # get

rt-cache-strict : disable

rt-cache-reverse : enable

ip-forward : enable

ip6-forward : enable

FortiADC-VM (setting) # config rt-cache-reverse-exception

FortiADC-VM (rt-cache-reverse) # edit 1

Add new entry '1' for node 3740

FortiADC-VM (1) # set ip-netmask 192.168.0.1/24

FortiADC-VM (1) # end

FortiADC-VM (setting) # end

config router setting

config router setting

Use this command to change basic routing settings. However, the default settings are recommended for most deployments.

Before you begin:

  • You must have read-write permission for system settings.

Syntax

config router setting

set rt-cache-strict {enable | disable}

set rt-cache-reverse {enable | disable}

set rt-best-match {enable | disable}

set ip-forward {enable | disable}

set ip6-forward {enable | disable}

set icmp-redirect-send {enable | disable}

set ip-forward-use-pmtu {enable | disable}

set layer4-vs-ignore-df {enable | disable}

config rt-cache-reverse-exception

edit <No.>

set ip-netmask <ip&netmask>

next

end

end

rt-cache-strict

Enable it when you want to send reply packets only via the same interface that received the request packets. When enabled, source interface becomes part of the matching tuple FortiADC uses to identify sessions, so reply traffic is forwarded from the same interface that received the traffic. Normally each session is identified by a 5-tuple: source IP, destination IP, protocol, source port, and destination port.

Disabled by default.

rt-cache-reverse

When enabled, forwards reply packets to the ISP link that forwarded the corresponding request packet. Enabled by default.

When not enabled, forwards all packets based on the results of routing lookup.

The rt-cache-reverse function is useful when your site gets traffic routed to it from multiple ISP links.

Note: FortiADC does not support IPv6 traffic reverse path route caching.

rt-best-match

Ignore the route type. The route with the longest prefix will be selected. Must restart for change to take effect. Disabled by default.

ip-forward

Enabled by default. Do not disable under normal circumstances.

If disabled, functions related to routing, like link load balancing, static routing, policy routing, and OSPF routing cannot function.

ip6-forward

Enabled by default. Do not disable under normal circumstances.

If disabled, functions related to routing, like link load balancing, static routing, policy routing, and OSPF routing cannot function.

icmp-redirect-send

When enabled, the icmp redirect package will be sent to the sender if the packet is being routed suboptimally so that the subsequent packets forward through a different gateway. Disabled by default.

ip-forward-use-pmtu

Forward package use path mtu. Path mtu is the mtu between two hosts. Can be used to avoid IP fragmentation. Disabled by default.

layer4-vs-ignore-df

Does not fragment layer4 vs packages. Disabled by default.

config rt-cache-reverse-exception

ip-netmask

If rt-cache-reverse is enabled, you can specify source IP addresses that should be handled differently. Specify a subnet IP address and netmask for each exception. For example, if you configure an exception for 192.168.1.0/24, FortiADC will not maintain a pointer to the ISP for traffic from source 192.168.1.18. Reply packets will be forwarded based on the results of routing lookup.

Example

FortiADC-VM # config router setting

FortiADC-VM (setting) # get

rt-cache-strict : disable

rt-cache-reverse : enable

ip-forward : enable

ip6-forward : enable

FortiADC-VM (setting) # config rt-cache-reverse-exception

FortiADC-VM (rt-cache-reverse) # edit 1

Add new entry '1' for node 3740

FortiADC-VM (1) # set ip-netmask 192.168.0.1/24

FortiADC-VM (1) # end

FortiADC-VM (setting) # end