Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 8.0.5
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    CLI Reference

    Home FortiWeb 8.0.5 CLI Reference
    8.0.5
    8.0.5
    8.0.4
    8.0.3
    8.0.2
    8.0.1
    8.0.0
    7.6.8
    7.6.7
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.1
    7.6.0
    7.4.12
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.3
    6.3.23
    6.2.8
    6.1.4
    5.7.0
    5.6.1
    5.6.0

    system ha-mgmt-router-static

    system ha-mgmt-router-static

    Use this command to configure a static route used exclusively by an individual high availability (HA) cluster member in Active-Passive (AP) or Standard Active-Active (AAS) mode.

    This command does not apply to High Volume Active-Active (AAH) mode. In an AAH cluster, network synchronization is disabled between the primary and secondary nodes to allow each member independent control over its network routing.

    For appliances in an AP or AAS HA group, configurations defined via config router policy and config router static synchronize across all group members. Conversely, configurations defined via config system ha-mgmt-router-static or config system ha-mgmt-router-policy apply solely to the specific local member. This local routing mechanism allows you to connect a specific cluster member to backend servers or management networks outside the shared server pool of the HA group.

    To use this command, your administrator account’s access control profile must have rw or w permission to the sysgrp area. For details, see Permissions.

    Only one default route (the static route with destination as 0.0.0.0/0) is allowed on FortiWeb appliance. For example, if you have configured a default route in Network > Route, then it's not allowed to configure another default route in HA route settings.

    Syntax

    config system ha-mgmt-router-static

    edit <route_index>

    set device "<interface_name>"

    set dst "<destination_ip>"

    set gateway "<router_ip>"

    next

    end

    Variable Description Default

    <route_index>

    Enter the index number of the static route. If multiple routes match a packet, the one with the smallest index number is applied.

    The valid range is 0–65,535.

    		 No default.

    device "<interface_name>"

    		 Enter the name of the network interface, such as port1, through which traffic subject to this route will be outbound. The maximum length is 63 characters. No default.

    dst "<destination_ip>"

    Enter the destination IP address and netmask of traffic that will be subject to this route, separated with a space.

    To indicate all traffic regardless of IP address and netmask (that is, to configure a route to the default gateway), enter 0.0.0.0 0.0.0.0 or ::/0.

    		 0.0.0.0 0.0.0.0

    gateway "<router_ip>"

    Enter the IP address of a next-hop router.

    Caution: The gateway IP address must be in the same subnet as the interface’s IP address. If you change the interface’s IP address later, the new IP address must also be in the same subnet as the interface’s default gateway address. Otherwise, all static routes and the default gateway will be lost.

    		 0.0.0.0
    Previous
    Next

    system ha-mgmt-router-static

    system ha-mgmt-router-static

    Use this command to configure a static route used exclusively by an individual high availability (HA) cluster member in Active-Passive (AP) or Standard Active-Active (AAS) mode.

    This command does not apply to High Volume Active-Active (AAH) mode. In an AAH cluster, network synchronization is disabled between the primary and secondary nodes to allow each member independent control over its network routing.

    For appliances in an AP or AAS HA group, configurations defined via config router policy and config router static synchronize across all group members. Conversely, configurations defined via config system ha-mgmt-router-static or config system ha-mgmt-router-policy apply solely to the specific local member. This local routing mechanism allows you to connect a specific cluster member to backend servers or management networks outside the shared server pool of the HA group.

    To use this command, your administrator account’s access control profile must have rw or w permission to the sysgrp area. For details, see Permissions.

    Only one default route (the static route with destination as 0.0.0.0/0) is allowed on FortiWeb appliance. For example, if you have configured a default route in Network > Route, then it's not allowed to configure another default route in HA route settings.

    Syntax

    config system ha-mgmt-router-static

    edit <route_index>

    set device "<interface_name>"

    set dst "<destination_ip>"

    set gateway "<router_ip>"

    next

    end

    Variable Description Default

    <route_index>

    Enter the index number of the static route. If multiple routes match a packet, the one with the smallest index number is applied.

    The valid range is 0–65,535.

    		 No default.

    device "<interface_name>"

    		 Enter the name of the network interface, such as port1, through which traffic subject to this route will be outbound. The maximum length is 63 characters. No default.

    dst "<destination_ip>"

    Enter the destination IP address and netmask of traffic that will be subject to this route, separated with a space.

    To indicate all traffic regardless of IP address and netmask (that is, to configure a route to the default gateway), enter 0.0.0.0 0.0.0.0 or ::/0.

    		 0.0.0.0 0.0.0.0

    gateway "<router_ip>"

    Enter the IP address of a next-hop router.

    Caution: The gateway IP address must be in the same subnet as the interface’s IP address. If you change the interface’s IP address later, the new IP address must also be in the same subnet as the interface’s default gateway address. Otherwise, all static routes and the default gateway will be lost.

    		 0.0.0.0
    Previous
    Next