Fortinet black logo

Cookbook

Verifying the correct route is being used

Copy Link
Copy Doc ID af0e75e9-211f-11ea-9384-00505692583a:838132
Download PDF

Verifying the correct route is being used

Run a trace route from a machine in the local area network (LAN) to ensure traffic is flowing as expected through the correct route when there is more than one default route.

In the following example output:

  • The first hop contains the IP address 10.10.1.99, which is the internal interface of the FortiGate.
  • The second hop contains the IP address 172.20.120.2, to which the wan1 interface of the FortiGate is connected.

This means the route through the wan1 interface is being used for this traffic.

C:\>tracert www.fortinet.com

Tracing route to www.fortinet.com [66.171.121.34]

over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 10.10.1.99

2 1 ms <1 ms <1 ms 172.20.120.2

3 3 ms 3 ms 3 ms static-209-87-254-221.storm.ca [209.87.254.221]

4 3 ms 3 ms 3 ms core-2-g0-2.storm.ca [209.87.239.129]

5 13 ms 13 ms 13 ms core-3-bdi1739.storm.ca [209.87.239.199]

6 12 ms 19 ms 11 ms v502.core1.tor1.he.net [216.66.41.113]

7 22 ms 22 ms 21 ms 100ge1-2.core1.nyc4.he.net [184.105.80.9]

8 84 ms 84 ms 84 ms ny-paix-gni.twgate.net [198.32.118.41]

9 82 ms 84 ms 82 ms 217-228-160-203.TWGATE-IP.twgate.net [203.160.22

8.217]

10 82 ms 81 ms 82 ms 229-228-160-203.TWGATE-IP.twgate.net [203.160.22

8.229]

11 82 ms 82 ms 82 ms 203.78.181.2

12 84 ms 83 ms 83 ms 203.78.186.70

13 84 ms * 85 ms 66.171.127.177

14 84 ms 84 ms 84 ms fortinet.com [66.171.121.34]

15 84 ms 84 ms 83 ms fortinet.com [66.171.121.34]

You can also see the route taken for each session by debugging the packet flow in the CLI. For more information, see Debugging the packet flow

Verifying the correct route is being used

Run a trace route from a machine in the local area network (LAN) to ensure traffic is flowing as expected through the correct route when there is more than one default route.

In the following example output:

  • The first hop contains the IP address 10.10.1.99, which is the internal interface of the FortiGate.
  • The second hop contains the IP address 172.20.120.2, to which the wan1 interface of the FortiGate is connected.

This means the route through the wan1 interface is being used for this traffic.

C:\>tracert www.fortinet.com

Tracing route to www.fortinet.com [66.171.121.34]

over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 10.10.1.99

2 1 ms <1 ms <1 ms 172.20.120.2

3 3 ms 3 ms 3 ms static-209-87-254-221.storm.ca [209.87.254.221]

4 3 ms 3 ms 3 ms core-2-g0-2.storm.ca [209.87.239.129]

5 13 ms 13 ms 13 ms core-3-bdi1739.storm.ca [209.87.239.199]

6 12 ms 19 ms 11 ms v502.core1.tor1.he.net [216.66.41.113]

7 22 ms 22 ms 21 ms 100ge1-2.core1.nyc4.he.net [184.105.80.9]

8 84 ms 84 ms 84 ms ny-paix-gni.twgate.net [198.32.118.41]

9 82 ms 84 ms 82 ms 217-228-160-203.TWGATE-IP.twgate.net [203.160.22

8.217]

10 82 ms 81 ms 82 ms 229-228-160-203.TWGATE-IP.twgate.net [203.160.22

8.229]

11 82 ms 82 ms 82 ms 203.78.181.2

12 84 ms 83 ms 83 ms 203.78.186.70

13 84 ms * 85 ms 66.171.127.177

14 84 ms 84 ms 84 ms fortinet.com [66.171.121.34]

15 84 ms 84 ms 83 ms fortinet.com [66.171.121.34]

You can also see the route taken for each session by debugging the packet flow in the CLI. For more information, see Debugging the packet flow