Fortinet black logo

Handbook

Routing configuration

6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:102297
Download PDF

Routing configuration

  • Always configure a default route.
  • Add blackhole routes for subnets reachable using VPN tunnels. This ensures that if a VPN tunnel goes down, traffic is not mistakingly routed to the Internet unencrypted.

Policy routing

Keep the number of policy routes to a minimum to optimize performance in route lookup and to simplify troubleshooting.

Dynamic routing

  • Select a Router ID that matches an IP assigned to an interface. This avoids the likelihood of having two devices with the same router ID.
  • For routing over an IPsec tunnel, assign IP addresses to both ends of the tunnel.

Routing configuration

  • Always configure a default route.
  • Add blackhole routes for subnets reachable using VPN tunnels. This ensures that if a VPN tunnel goes down, traffic is not mistakingly routed to the Internet unencrypted.

Policy routing

Keep the number of policy routes to a minimum to optimize performance in route lookup and to simplify troubleshooting.

Dynamic routing

  • Select a Router ID that matches an IP assigned to an interface. This avoids the likelihood of having two devices with the same router ID.
  • For routing over an IPsec tunnel, assign IP addresses to both ends of the tunnel.