Use this command to configure static routes, including the default gateway.
Static routes direct traffic exiting the FortiWeb appliance—you can specify through which network interface a packet will leave, and the IP address of a next-hop router that is reachable from that network interface. The router is aware of which IP addresses are reachable through various network pathways, and can forward those packets along pathways capable of reaching the packets’ ultimate destinations.
A default route is a special type of static route. A default route matches all packets, and defines a gateway router that can receive and route packets if no more specific static route is defined for the packet’s destination IP address.
During installation and setup, you should have configured at least one static route, a default route, that points to your gateway. You may configure additional static routes if you have multiple gateway routers, each of which should receive packets destined for a different subset of IP addresses.
For example, if a web server is directly attached to one of the network interfaces, but all other destinations, such as connecting clients, are located on distant networks such as the Internet, you might need to add only one route: a default route for the gateway router through which the FortiWeb appliance connects to the Internet.
The FortiWeb appliance examines the packet’s destination IP address and compares it to those of the static routes. If more than one route matches the packet, the FortiWeb appliance applies the route with the smallest index number. For this reason, you should give more specific routes a smaller index number than the default route.
To use this command, your administrator account’s access control profile must have either rw permission to the netgrp area. For details, see Permissions.
config router static
Enter the index number of the static route. If multiple routes match a packet, the one with the smallest index number is applied.
The valid range is 0–65,535.
Enter the name of the network interface device, such as port1, through which traffic subject to this route will be outbound. The maximum length is 63 characters.
Enter the destination IP address and netmask of traffic that will be subject to this route, separated with a space.
To indicate all traffic regardless of IP address and netmask (that is, to configure a route to the default gateway), enter
Enter the IP address of a next-hop router.
Caution: The gateway IP address must be in the same subnet as the interface’s IP address. If you change the interface’s IP address later, the new IP address must also be in the same subnet as the interface’s default gateway address. Otherwise, all static routes and the default gateway will be lost.
This example configures a default route that forwards all packets to the gateway router 192.0.2.1, through the network interface named
config router static
  edit 0
    set dst "0.0.0.0 0.0.0.0"
    set gateway "192.0.2.1"
    set device port1
  next
end
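A check for the index-ordering rule and the gateway-subnet caution described above, as an added example that is not part of the original FortiWeb documentation. The sample routes, interface addresses, and function names are constructed for illustration; route selection is modeled as the page states it (smallest matching index wins).

```python
import ipaddress

# Constructed sample (not from the page); interface addresses are assumed values.
SAMPLE_CONFIG = '''
config router static
  edit 1
    set dst "0.0.0.0 0.0.0.0"
    set gateway "192.0.2.1"
    set device port1
  next
  edit 2
    set dst "10.20.0.0 255.255.0.0"
    set gateway "198.51.100.1"
    set device port2
  next
end
'''
SAMPLE_INTERFACES = {"port1": "192.0.2.10/24", "port2": "203.0.113.5/24"}

def parse_static_routes(text):
    """Return {index: {"dst": IPv4Network, "gateway": IPv4Address, "device": str}}."""
    routes, current = {}, None
    for line in text.splitlines():
        tok = line.split()
        if len(tok) >= 2 and tok[0] == "edit":
            current = routes.setdefault(int(tok[1]), {})
        elif len(tok) >= 3 and tok[0] == "set" and current is not None:
            value = " ".join(tok[2:]).replace('"', "")
            if tok[1] == "dst":  # "address netmask", separated with a space
                value = ipaddress.ip_network(value.replace(" ", "/"), strict=False)
            elif tok[1] == "gateway":
                value = ipaddress.ip_address(value)
            current[tok[1]] = value
    return routes

def select_route(routes, dst_ip):
    """Index of the route applied to dst_ip: the smallest matching index, or None."""
    ip = ipaddress.ip_address(dst_ip)
    return min((i for i, r in routes.items() if ip in r["dst"]), default=None)

def shadowed_routes(routes):
    """(index, shadowing_index) pairs for routes fully covered by a smaller-index route."""
    return [(i, j) for i in sorted(routes) for j in sorted(routes)
            if j < i and routes[i]["dst"].subnet_of(routes[j]["dst"])]

def gateways_off_subnet(routes, interfaces):
    """Indexes whose gateway lies outside the subnet of the route's outbound interface."""
    return [i for i, r in sorted(routes.items())
            if r["gateway"] not in ipaddress.ip_interface(interfaces[r["device"]]).network]
```

In the sample, route 2 is never applied because the default route at index 1 matches first, and route 2's gateway is also outside the subnet assumed for port2.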