CLI Reference

router static

Use this command to configure static routes, including the default gateway.

Static routes direct traffic exiting the FortiWeb appliance: you can specify through which network interface a packet will leave, and the IP address of a next-hop router that is reachable from that network interface. The router is aware of which IP addresses are reachable through various network pathways, and can forward those packets along pathways capable of reaching the packets’ ultimate destinations.

A default route is a special type of static route. A default route matches all packets, and defines a gateway router that can receive and route packets if no more specific static route is defined for the packet’s destination IP address.

During installation and setup, you should have configured at least one static route, a default route, that points to your gateway. You may configure additional static routes if you have multiple gateway routers, each of which should receive packets destined for a different subset of IP addresses.

For example, if a web server is directly attached to one of the network interfaces, but all other destinations, such as connecting clients, are located on distant networks such as the Internet, you might need to add only one route: a default route for the gateway router through which the FortiWeb appliance connects to the Internet.

The FortiWeb appliance examines the packet’s destination IP address and compares it to those of the static routes. If more than one route matches the packet, the FortiWeb appliance applies the route with the smallest index number. For this reason, you should give more specific routes a smaller index number than the default route.

To use this command, your administrator account’s access control profile must have either w or rw permission to the netgrp area. For details, see Permissions.

Syntax

config router static
  edit <route_index>
    set device "<interface_name>"
    set dst "<destination_ip>"
    set gateway "<router_ip>"
  next
end

Variable: <route_index>
Description: Enter the index number of the static route. If multiple routes match a packet, the one with the smallest index number is applied. The valid range is 0–65,535.
Default: No default.

Variable: device "<interface_name>"
Description: Enter the name of the network interface device, such as port1, through which traffic subject to this route will be outbound. The maximum length is 63 characters.
Default: No default.

Variable: dst "<destination_ip>"
Description: Enter the destination IP address and netmask of traffic that will be subject to this route, separated with a space. To indicate all traffic regardless of IP address and netmask (that is, to configure a route to the default gateway), enter 0.0.0.0 0.0.0.0 or ::/0.
Default: 0.0.0.0 0.0.0.0

Variable: gateway "<router_ip>"
Description: Enter the IP address of a next-hop router.
Caution: The gateway IP address must be in the same subnet as the interface’s IP address. If you change the interface’s IP address later, the new IP address must also be in the same subnet as the interface’s default gateway address. Otherwise, all static routes and the default gateway will be lost.
Default: 0.0.0.0

Example

This example configures a default route that forwards all packets to the gateway router 192.0.2.1, through the network interface named port1.

config router static
  edit 0
    set dst "0.0.0.0 0.0.0.0"
    set gateway "192.0.2.1"
    set device port1
  next
end
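
The smallest-index rule and the gateway subnet caution described above can be checked offline before a routing change is applied. This is an added example, not Fortinet's code: it parses a config router static block and reports routes whose destination is already covered by a smaller-index route, and gateways outside the interface's subnet. The sample configuration, the port1 address 192.0.2.10/24, and the names parse_routes and audit are assumptions made for illustration.

```python
import ipaddress

# Constructed sample (not from the page): the default route holds the smallest
# index, and route 1 names a gateway outside port1's assumed subnet.
SAMPLE_CONFIG = '''config router static
  edit 0
    set dst "0.0.0.0 0.0.0.0"
    set gateway "192.0.2.1"
    set device port1
  next
  edit 1
    set dst "10.20.0.0 255.255.0.0"
    set gateway "198.51.100.1"
    set device port1
  next
end'''
SAMPLE_INTERFACES = {"port1": "192.0.2.10/24"}  # assumed interface address

def parse_routes(text):
    """Parse a 'config router static' block into {index: route dict}."""
    routes, cur = {}, None
    for line in text.splitlines():
        words = line.strip().split(None, 2)
        if len(words) == 2 and words[0] == "edit":
            cur = routes.setdefault(int(words[1]), {})
        elif len(words) == 3 and words[0] == "set" and cur is not None:
            cur[words[1]] = words[2].strip('"')
    for r in routes.values():
        # Unset fields fall back to the defaults listed in the variable table.
        dst = r.get("dst", "0.0.0.0 0.0.0.0").replace(" ", "/")
        r["dst"] = ipaddress.ip_network(dst)
        r["gateway"] = ipaddress.ip_address(r.get("gateway", "0.0.0.0"))
    return routes

def audit(routes, interfaces):
    """Return (finding, route_index, detail) tuples for risky routes."""
    findings, order = [], sorted(routes)
    for pos, idx in enumerate(order):
        dst = routes[idx]["dst"]
        for earlier in order[:pos]:
            seen = routes[earlier]["dst"]
            # A smaller index covering this destination wins every match.
            if seen.version == dst.version and dst.subnet_of(seen):
                findings.append(("shadowed", idx, earlier))
                break
        net = ipaddress.ip_interface(interfaces[routes[idx]["device"]]).network
        if routes[idx]["gateway"] not in net:
            findings.append(("gateway-off-subnet", idx, routes[idx]["device"]))
    return findings
```

Running audit(parse_routes(SAMPLE_CONFIG), SAMPLE_INTERFACES) reports route 1 as shadowed by route 0 and as having an off-subnet gateway; giving the default route the larger index and a same-subnet gateway clears both findings.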
