CLI Reference

config router setting

Use this command to change basic routing settings. However, the default settings are recommended for most deployments.

Before you begin:
  • You must have read-write permission for system settings.

Syntax

config router setting
  set rt-cache-strict {enable | disable}
  set rt-cache-reverse {enable | disable}
  set rt-best-match {enable | disable}
  set ip-forward {enable | disable}
  set ip6-forward {enable | disable}
  set icmp-redirect-send {enable | disable}
  set ip-forward-use-pmtu {enable | disable}
  set layer4-vs-ignore-df {enable | disable}
  config rt-cache-reverse-exception
    edit <No.>
      set addr-type {ipv4 | ipv6}
      set ip-netmask <ip&netmask>
      set ipv6-netmask <ipv6&netmask>
    next
  end
end

rt-cache-strict

Enable this option when you want reply packets to be sent only via the same interface that received the request packets. When enabled, the source interface becomes part of the matching tuple FortiADC uses to identify sessions, so reply traffic is forwarded from the same interface that received the traffic. Normally each session is identified by a 5-tuple: source IP, destination IP, protocol, source port, and destination port.

Disabled by default.

rt-cache-reverse

When enabled, forwards reply packets to the ISP link that forwarded the corresponding request packet. Enabled by default.

When not enabled, forwards all packets based on the results of routing look-up.

The rt-cache-reverse function is useful when your site gets traffic routed to it from multiple ISP links.

rt-best-match

Ignores the route type and selects the route with the longest prefix. A restart is required for the change to take effect. Disabled by default.

ip-forward

Enabled by default. Do not disable under normal circumstances.

If disabled, functions related to routing, like link load balancing, static routing, policy routing, and OSPF routing cannot function.

ip6-forward

Enabled by default. Do not disable under normal circumstances.

If disabled, functions related to routing, like link load balancing, static routing, policy routing, and OSPF routing cannot function.

icmp-redirect-send

When enabled, an ICMP redirect packet is sent to the sender if the packet is being routed suboptimally, so that subsequent packets are forwarded through a different gateway. Disabled by default.

ip-forward-use-pmtu

Forwards packets using the path MTU. The path MTU is the MTU between two hosts. Can be used to avoid IP fragmentation. Disabled by default.

layer4-vs-ignore-df

Does not fragment Layer 4 virtual server (VS) packets. Disabled by default.

config rt-cache-reverse-exception

addr-type

When rt-cache-reverse is enabled, you can specify the source IP address type that should be handled differently.

Select one of the following:

  • ipv4

  • ipv6

Note: If addr-type is not set, IPv4 will be set as the default source IP address type.

ip-netmask

The ip-netmask option is available if addr-type is ipv4 or addr-type is not set.

Specify a subnet IPv4 address and netmask for each reverse route cache exception. For example, if you configure an exception for 192.168.1.0/24, FortiADC will not maintain a pointer to the ISP for traffic from source 192.168.1.18. Reply packets will be forwarded based on the results of routing look-up.

ipv6-netmask

The ipv6-netmask option is available if addr-type is ipv6.

Specify a subnet IPv6 address and netmask for each reverse route cache exception. For example, if you configure an exception for 200a::/64, FortiADC will not maintain a pointer to the ISP for traffic from source 200a::1:1aaa. Reply packets will be forwarded based on the results of routing look-up.
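The reverse route cache and its exceptions, as described above, modelled in Python as an added example (not Fortinet code): it parses a `config router setting` block, reports settings that differ from the defaults documented on this page, and decides how the reply to a given source address is forwarded. The sample configuration is constructed from the Syntax section, and the function names and the labels `ingress-isp-link` and `routing-lookup` are hypothetical.

```python
import ipaddress
# Defaults as documented on this page.
DEFAULTS = {
    "rt-cache-strict": "disable", "rt-cache-reverse": "enable",
    "rt-best-match": "disable", "ip-forward": "enable",
    "ip6-forward": "enable", "icmp-redirect-send": "disable",
    "ip-forward-use-pmtu": "disable", "layer4-vs-ignore-df": "disable",
}

# Constructed sample following the Syntax section (not from a real device).
SAMPLE = """\
config router setting
  set icmp-redirect-send enable
  config rt-cache-reverse-exception
    edit 1
      set addr-type ipv6
      set ipv6-netmask 200a::/64
    next
    edit 2
      set ip-netmask 192.168.1.0/24
    next
  end
end
"""

def parse(text):
    """Return (settings, exception networks) from a 'config router setting' block."""
    settings, nets, entry = dict(DEFAULTS), [], None
    for tok in map(str.split, text.splitlines()):
        if tok[:1] == ["edit"]:
            entry = {"addr-type": "ipv4"}      # IPv4 when addr-type is not set
        elif tok[:1] == ["set"] and len(tok) == 3:
            (settings if entry is None else entry)[tok[1]] = tok[2]
        elif tok[:1] in (["next"], ["end"]) and entry is not None:
            key = "ipv6-netmask" if entry["addr-type"] == "ipv6" else "ip-netmask"
            if key in entry:                   # only the option valid for this type
                nets.append(ipaddress.ip_network(entry[key], strict=False))
            entry = None
    return settings, nets

def deviations(settings):
    return {k: v for k, v in settings.items() if DEFAULTS.get(k) != v}

def reply_path(src, settings, nets):
    """How the reply to a request from src is forwarded, per the text above."""
    addr = ipaddress.ip_address(src)
    excepted = any(addr.version == n.version and addr in n for n in nets)
    use_cache = settings["rt-cache-reverse"] == "enable" and not excepted
    return "ingress-isp-link" if use_cache else "routing-lookup"
```

Running `deviations` over an exported configuration gives a quick review list of every setting changed from the documented defaults, such as `icmp-redirect-send` in the sample.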

Example

FortiADC-VM # config router setting
FortiADC-VM (setting) # get
rt-cache-strict : disable
rt-cache-reverse : enable
ip-forward : enable
ip6-forward : enable
FortiADC-VM (setting) # config rt-cache-reverse-exception
FortiADC-VM (rt-cache-reverse) # edit 1
Add new entry '1' for node 3740
FortiADC-VM (1) # set addr-type ipv6
FortiADC-VM (1) # set ipv6-netmask 200a::/64
FortiADC-VM (1) # end
FortiADC-VM (setting) # end
