Fortinet Document Library

Version:


Table of Contents

CLI Reference

6.0.6
Download PDF
Copy Link

router {static | static6}

Use this command to add, edit, or delete static routes. Use static for IPv4 and static6 for IPv6.

You add static routes to manually control traffic exiting the FortiGate unit. You configure routes by specifying destination IP addresses and network masks and adding gateways for these destination addresses. Gateways are the next-hop routers to which traffic that matches the destination addresses in the route are forwarded.

You can adjust the administrative distance of a route to indicate preference when more than one route to the same destination is available. The lower the administrative distance, the greater the preferability of the route. If the routing table contains several entries that point to the same destination (the entries may have different gateways or interface associations), the FortiGate unit compares the administrative distances of those entries, selects the entries having the lowest distances, and installs them as routes in the FortiGate unit forwarding table. Any ties are resolved by comparing the routes’ priority, with lowest priority being preferred. As a result, the FortiGate unit forwarding table only contains routes having the lowest distances to every possible destination. If both administrative distance and priority are tied for two or more routes, an equal cost multi-path (ECMP) situation occurs. ECMP is available to static and OSPF routing. By default in ECMP, a source IP address hash will be used to determine the selected route. This hash value is based on the pre-NATed source IP address. This method results in all traffic originating from the same source IP address always using the same path. This is the Source based ECMP option, with Weighted, and Spill-over being the other two optional methods. The option is determined by the CLI command set v4-ecmp-mode in config system setting. Source Based is the default method. Weighted ECMP uses the weight field to direct more traffic to routes with larger weights. In spill-over or usage-based ECMP, the FortiGate unit distributes sessions among ECMP routes based on how busy the FortiGate interfaces added to the routes are. For more information on ECMP, seesystem settings.

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

Command Description

set vrf <id>

Configure OSPF support for multiple virtual routing and forwarding (VRFs). Set the value between 0-31. FortiOS supports 32 VRFs (numbered 0 to 31) per VDOM.

This entry is only available when blackhole is set to enable.

set bfd {enable | disable}

Enable or disable (by default) Bidirectional Forwarding Detection (BFD) for IPv4 and/or IPv6 static routes to configure routing failover based on remote path failure detection. BFD removes a static route from the routing table if the FortiGate can't reach the route's destination and returns the route to the routing table if the route's destination is restored.

This entry is not available when blackhole is set to disable.

set src <source>

Set an IPv4 source prefix, allowing FortiGate to differentiate between multiple default routes.

This is necessary only for static routes in transparent mode.

set virtual-wan-link {enable | disable}

Enable or disable egress traffic through the virtual-wan-link.
config router static
    edit {seq-num}
    # Configure IPv4 static routing tables.
        set seq-num {integer}   Sequence number. range[0-4294967295]
        set status {enable | disable}   Enable/disable this static route.
        set dst {ipv4 classnet}   Destination IP and mask for this route.
        set src {ipv4 classnet}   Source prefix for this route.
        set gateway {ipv4 address}   Gateway IP for this route.
        set distance {integer}   Administrative distance (1 - 255). range[1-255]
        set weight {integer}   Administrative weight (0 - 255). range[0-255]
        set priority {integer}   Administrative priority (0 - 4294967295). range[0-4294967295]
        set device {string}   Gateway out interface or tunnel. size[35] - datasource(s): system.interface.name
        set comment {string}   Optional comments. size[255]
        set blackhole {enable | disable}   Enable/disable black hole.
        set dynamic-gateway {enable | disable}   Enable use of dynamic gateway retrieved from a DHCP or PPP server.
        set virtual-wan-link {enable | disable}   Enable/disable egress through the virtual-wan-link.
        set dstaddr {string}   Name of firewall address or address group. size[63] - datasource(s): firewall.address.name,firewall.addrgrp.name
        set internet-service {integer}   Application ID in the Internet service database. range[0-4294967295] - datasource(s): firewall.internet-service.id
        set internet-service-custom {string}   Application name in the Internet service custom database. size[64] - datasource(s): firewall.internet-service-custom.name
        set link-monitor-exempt {enable | disable}   Enable/disable withdrawing this route when link monitor or health check is down.
        set vrf {integer}   Virtual Routing Forwarding ID. range[0-31]
        set bfd {enable | disable}   Enable/disable Bidirectional Forwarding Detection (BFD).
    next
end
config router static6
    edit {seq-num}
    # Configure IPv6 static routing tables.
        set seq-num {integer}   Sequence number. range[0-4294967295]
        set status {enable | disable}   Enable/disable this static route.
        set dst {ipv6 network}   Destination IPv6 prefix.
        set gateway {ipv6 address}   IPv6 address of the gateway.
        set device {string}   Gateway out interface or tunnel. size[35] - datasource(s): system.interface.name
        set devindex {integer}   Device index (0 - 4294967295). range[0-4294967295]
        set distance {integer}   Administrative distance (1 - 255). range[1-255]
        set priority {integer}   Administrative priority (0 - 4294967295). range[0-4294967295]
        set comment {string}   Optional comments. size[255]
        set blackhole {enable | disable}   Enable/disable black hole.
        set virtual-wan-link {enable | disable}   Enable/disable egress through the virtual-wan-link.
        set bfd {enable | disable}   Enable/disable Bidirectional Forwarding Detection (BFD).
    next
end

Additional information

The following section is for those options that require additional explanation.

blackhole

Enable or disable dropping all packets that match this route. This route is advertised to neighbors through dynamic routing protocols as any other static route.

device

Note: This field is available when blackhole is disabled.

Enter the name of the interface through which to route traffic.

distance

Enter the administrative distance for the route. The distance value may influence route preference in the FortiGate unit routing table. The range is an integer from 1-255. See also distance under system interface.

dst

Enter the destination IPv4 address and network mask for this route.

You can enter 0.0.0.0 0.0.0.0 to create a new static default route.

dynamic-gateway

When enabled, dynamic-gateway hides the gateway variable for a dynamic interface, such as a DHCP or PPPoE interface. When the interface connects or disconnects, the corresponding routing entries are updated to reflect the change.

edit

Enter a sequence number for the static route. The sequence number may influence routing priority in the FortiGate unit forwarding table.

gateway

Note: This field is available when blackhole is disabled.

Enter the IP address of the next-hop router to which traffic is forwarded.

priority

The administrative priority value is used to resolve ties in route selection. In the case where both routes have the same priority, such as equal cost multi-path (ECMP), the IP source hash (based on the pre-NATed IP address) for the routes will be used to determine which route is selected.The priority range is an integer from 0 to 4294967295. Lower priority routes are preferred routes.

This field is only accessible through the CLI.

weight

Note: This option is available when the v4-ecmp-mode field of the config system settings command is set to weight-based, see system settings.

Enter weights for ECMP routes. More traffic is directed to routes with higher weights.

router {static | static6}

Use this command to add, edit, or delete static routes. Use static for IPv4 and static6 for IPv6.

You add static routes to manually control traffic exiting the FortiGate unit. You configure routes by specifying destination IP addresses and network masks and adding gateways for these destination addresses. Gateways are the next-hop routers to which traffic that matches the destination addresses in the route are forwarded.

You can adjust the administrative distance of a route to indicate preference when more than one route to the same destination is available. The lower the administrative distance, the greater the preferability of the route. If the routing table contains several entries that point to the same destination (the entries may have different gateways or interface associations), the FortiGate unit compares the administrative distances of those entries, selects the entries having the lowest distances, and installs them as routes in the FortiGate unit forwarding table. Any ties are resolved by comparing the routes’ priority, with lowest priority being preferred. As a result, the FortiGate unit forwarding table only contains routes having the lowest distances to every possible destination. If both administrative distance and priority are tied for two or more routes, an equal cost multi-path (ECMP) situation occurs. ECMP is available to static and OSPF routing. By default in ECMP, a source IP address hash will be used to determine the selected route. This hash value is based on the pre-NATed source IP address. This method results in all traffic originating from the same source IP address always using the same path. This is the Source based ECMP option, with Weighted, and Spill-over being the other two optional methods. The option is determined by the CLI command set v4-ecmp-mode in config system setting. Source Based is the default method. Weighted ECMP uses the weight field to direct more traffic to routes with larger weights. In spill-over or usage-based ECMP, the FortiGate unit distributes sessions among ECMP routes based on how busy the FortiGate interfaces added to the routes are. For more information on ECMP, seesystem settings.

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

Command Description

set vrf <id>

Configure OSPF support for multiple virtual routing and forwarding (VRFs). Set the value between 0-31. FortiOS supports 32 VRFs (numbered 0 to 31) per VDOM.

This entry is only available when blackhole is set to enable.

set bfd {enable | disable}

Enable or disable (by default) Bidirectional Forwarding Detection (BFD) for IPv4 and/or IPv6 static routes to configure routing failover based on remote path failure detection. BFD removes a static route from the routing table if the FortiGate can't reach the route's destination and returns the route to the routing table if the route's destination is restored.

This entry is not available when blackhole is set to disable.

set src <source>

Set an IPv4 source prefix, allowing FortiGate to differentiate between multiple default routes.

This is necessary only for static routes in transparent mode.

set virtual-wan-link {enable | disable}

Enable or disable egress traffic through the virtual-wan-link.
config router static
    edit {seq-num}
    # Configure IPv4 static routing tables.
        set seq-num {integer}   Sequence number. range[0-4294967295]
        set status {enable | disable}   Enable/disable this static route.
        set dst {ipv4 classnet}   Destination IP and mask for this route.
        set src {ipv4 classnet}   Source prefix for this route.
        set gateway {ipv4 address}   Gateway IP for this route.
        set distance {integer}   Administrative distance (1 - 255). range[1-255]
        set weight {integer}   Administrative weight (0 - 255). range[0-255]
        set priority {integer}   Administrative priority (0 - 4294967295). range[0-4294967295]
        set device {string}   Gateway out interface or tunnel. size[35] - datasource(s): system.interface.name
        set comment {string}   Optional comments. size[255]
        set blackhole {enable | disable}   Enable/disable black hole.
        set dynamic-gateway {enable | disable}   Enable use of dynamic gateway retrieved from a DHCP or PPP server.
        set virtual-wan-link {enable | disable}   Enable/disable egress through the virtual-wan-link.
        set dstaddr {string}   Name of firewall address or address group. size[63] - datasource(s): firewall.address.name,firewall.addrgrp.name
        set internet-service {integer}   Application ID in the Internet service database. range[0-4294967295] - datasource(s): firewall.internet-service.id
        set internet-service-custom {string}   Application name in the Internet service custom database. size[64] - datasource(s): firewall.internet-service-custom.name
        set link-monitor-exempt {enable | disable}   Enable/disable withdrawing this route when link monitor or health check is down.
        set vrf {integer}   Virtual Routing Forwarding ID. range[0-31]
        set bfd {enable | disable}   Enable/disable Bidirectional Forwarding Detection (BFD).
    next
end
config router static6
    edit {seq-num}
    # Configure IPv6 static routing tables.
        set seq-num {integer}   Sequence number. range[0-4294967295]
        set status {enable | disable}   Enable/disable this static route.
        set dst {ipv6 network}   Destination IPv6 prefix.
        set gateway {ipv6 address}   IPv6 address of the gateway.
        set device {string}   Gateway out interface or tunnel. size[35] - datasource(s): system.interface.name
        set devindex {integer}   Device index (0 - 4294967295). range[0-4294967295]
        set distance {integer}   Administrative distance (1 - 255). range[1-255]
        set priority {integer}   Administrative priority (0 - 4294967295). range[0-4294967295]
        set comment {string}   Optional comments. size[255]
        set blackhole {enable | disable}   Enable/disable black hole.
        set virtual-wan-link {enable | disable}   Enable/disable egress through the virtual-wan-link.
        set bfd {enable | disable}   Enable/disable Bidirectional Forwarding Detection (BFD).
    next
end

Additional information

The following section is for those options that require additional explanation.

blackhole

Enable or disable dropping all packets that match this route. This route is advertised to neighbors through dynamic routing protocols as any other static route.

device

Note: This field is available when blackhole is disabled.

Enter the name of the interface through which to route traffic.

distance

Enter the administrative distance for the route. The distance value may influence route preference in the FortiGate unit routing table. The range is an integer from 1-255. See also distance under system interface.

dst

Enter the destination IPv4 address and network mask for this route.

You can enter 0.0.0.0 0.0.0.0 to create a new static default route.

dynamic-gateway

When enabled, dynamic-gateway hides the gateway variable for a dynamic interface, such as a DHCP or PPPoE interface. When the interface connects or disconnects, the corresponding routing entries are updated to reflect the change.

edit

Enter a sequence number for the static route. The sequence number may influence routing priority in the FortiGate unit forwarding table.

gateway

Note: This field is available when blackhole is disabled.

Enter the IP address of the next-hop router to which traffic is forwarded.

priority

The administrative priority value is used to resolve ties in route selection. In the case where both routes have the same priority, such as equal cost multi-path (ECMP), the IP source hash (based on the pre-NATed IP address) for the routes will be used to determine which route is selected.The priority range is an integer from 0 to 4294967295. Lower priority routes are preferred routes.

This field is only accessible through the CLI.

weight

Note: This option is available when the v4-ecmp-mode field of the config system settings command is set to weight-based, see system settings.

Enter weights for ECMP routes. More traffic is directed to routes with higher weights.