CLI Reference

system ha-mgmt-router-static

For a FortiWeb appliance in an HA group, the configurations set by config router policy and config router static are synchronized across all group members, but the configurations set by HA Mgmt Static Route or HA Mgmt Policy Route are applied only to this specific member.

Use this command to add or delete a static route that is used only by this HA member. It is useful when you want to connect this cluster member to back-end servers that are not in the server pool of the HA group.

To use this command, your administrator account’s access control profile must have rw or w permission to the sysgrp area. For details, see Permissions.

Only one default route (a static route whose destination is 0.0.0.0/0) is allowed on a FortiWeb appliance. For example, if you have already configured a default route in System > Network > Route, you cannot configure another default route in the HA route settings.

Syntax

config system ha-mgmt-router-static
  edit <route_index>
    set device "<interface_name>"
    set dst "<destination_ip>"
    set gateway "<router_ip>"
  next
end

| Variable | Description | Default |
|---|---|---|
| <route_index> | Enter the index number of the static route. If multiple routes match a packet, the one with the smallest index number is applied. The valid range is 0–65,535. | No default. |
| device "<interface_name>" | Enter the name of the network interface, such as port1, through which traffic subject to this route will be outbound. The maximum length is 63 characters. | No default. |
| dst "<destination_ip>" | Enter the destination IP address and netmask of traffic that will be subject to this route, separated with a space. To indicate all traffic regardless of IP address and netmask (that is, to configure a route to the default gateway), enter 0.0.0.0 0.0.0.0 or ::/0. | 0.0.0.0 0.0.0.0 |
| gateway "<router_ip>" | Enter the IP address of a next-hop router. Caution: The gateway IP address must be in the same subnet as the interface’s IP address. If you change the interface’s IP address later, the new IP address must also be in the same subnet as the interface’s default gateway address. Otherwise, all static routes and the default gateway will be lost. | 0.0.0.0 |
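The following Python check is an added example, not part of Fortinet's documentation: it parses a `config system ha-mgmt-router-static` block and flags entries that break the limits described above (index range, 63-character interface name, single default route, gateway inside the interface's subnet). The function names, the interface map and the sample configuration are assumptions constructed for illustration.

```python
import ipaddress
import re

def parse_routes(cli_text):
    """Collect each 'edit <index> ... next' entry of the block as a dict."""
    routes = []
    for idx, body in re.findall(r"edit (\d+)(.*?)\bnext\b", cli_text, re.S):
        fields = dict(re.findall(r'set (device|dst|gateway) "?([^"\n]*)"?', body))
        routes.append({"index": int(idx), **fields})
    return routes

def check_routes(routes, interfaces, existing_default=False):
    """Return (index, problem) pairs. interfaces maps name -> "ip/prefix" (assumed input);
    existing_default: a default route already exists in System > Network > Route."""
    problems, defaults = [], int(existing_default)
    for r in routes:
        idx, dev = r["index"], r.get("device", "")
        if not 0 <= idx <= 65535:
            problems.append((idx, "index outside 0-65535"))
        if not dev or len(dev) > 63:
            problems.append((idx, "device missing or longer than 63 characters"))
        # dst is "address netmask" or ::/0; unset values fall back to the documented defaults
        dst = ipaddress.ip_network(r.get("dst", "0.0.0.0 0.0.0.0").replace(" ", "/"), strict=False)
        if dst.prefixlen == 0:
            defaults += 1
            if defaults > 1:
                problems.append((idx, "second default route"))
        gw = ipaddress.ip_address(r.get("gateway", "0.0.0.0"))
        iface = interfaces.get(dev)
        if iface is None or gw not in ipaddress.ip_interface(iface).network:
            problems.append((idx, "gateway outside interface subnet, or interface unknown"))
    return problems

# Constructed sample: addresses and the port name are illustrative only.
SAMPLE = """config system ha-mgmt-router-static
  edit 1
    set device "port2"
    set dst "10.0.20.0 255.255.255.0"
    set gateway "192.168.1.254"
  next
  edit 2
    set device "port2"
    set dst "0.0.0.0 0.0.0.0"
    set gateway "10.0.10.1"
  next
end"""
INTERFACES = {"port2": "10.0.10.5/24"}
if __name__ == "__main__":
    print(check_routes(parse_routes(SAMPLE), INTERFACES, existing_default=True))
```

Because these routes are applied only to the specific member, the interface map has to describe that member's own interfaces, and the check should be run once per member.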
