Configuring static routes
Network systems maintain route tables to determine where to forward TCP/IP packets.
The FortiADC system route table can include up to three types of routes:
1. Content routes—Content routes are based on application layer values, specifically the URL or Host: field in the HTTP header.
2. Policy routes—Policy routes are based on IP layer values, specifically the source and/or destination fields.
3. Static routes—Static routes are based on IP layer values, specifically the destination field.
The system evaluates content route rules first, then policy routes, then static routes. The packets are routed to the first route that matches. The static route table, therefore, is the one that must include a “default route” to be used when no more specific route has been determined.
Static routes specify the IP address of a next-hop router that is reachable from that network interface. Routers are aware of which IP addresses are reachable through various network pathways, and can forward those packets along pathways capable of reaching the packets’ ultimate destinations. The FortiADC system itself does not need to know the full route, as long as the routers can pass along the packet.
You must configure at least one static route that points to a router, often a router that is the gateway to the Internet. You might need to configure multiple static routes if you have multiple gateway routers, redundant ISP links, or other special routing cases.
Before you begin:
You must have Read-Write permission for System settings.
To configure a static route:
1. Go to Networking > Routing.
The configuration page displays the Static tab.
2. Click Add to display the configuration editor.
3. Complete the configuration as described in Table 46.
4. Save the configuration.
Table 46: Static route configuration
Settings
Guidelines
Destination
Address/mask notation to match the destination IP in the packet header.
Specify 0.0.0.0/0 or ::/0 to set a default route for all packets.
It is a best practice to include a default route. If there is no other, more specific static route defined for a packet’s destination IP address, a default route will match the packet, and pass it to a gateway router so that any packet can reach its destination.
If you do not define a default route, and if there is a gap in your routes where no route matches a packet’s destination IP address, packets passing through the FortiADC towards those IP addresses will, in effect, be null routed. While this can help to ensure that unintentional traffic cannot leave your FortiADC and therefore can be a type of security measure, the result is that you must modify your routes every time that a new valid destination is added to your network. Otherwise, it will be unreachable. A default route ensures that this kind of locally-caused “destination unreachable” problem does not occur.
Gateway
Specify the IP address of the next-hop router where the FortiADC system will forward packets for this static route. This router must know how to route packets to the destination IP addresses that you have specified in Destination IP/Mask, or forward packets to another router with this information.
For a direct Internet connection, this will be the router that forwards traffic towards the Internet, and could belong to your ISP.
The gateway must be in the same subnet as the interface used to reach it.
Distance
The default administrative distance is 10, which makes it preferred over OSPF routes that have a default of 110. We recommend you do not change these settings unless your deployment has exceptional requirements.
 
 
To configure a static route using the CLI:
config router static
  edit 1
    set destination <ip address/netmask>
    set gateway <ip address>
    set distance <value>
end
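
An added example (not part of the FortiADC documentation): a Python check of a static route list against the guidelines in Table 46. It flags gateways that are outside every interface subnet and a missing default route, and shows which destinations would be null routed. The interface names, addresses, and route entries are constructed sample data, and the lookup assumes conventional longest-prefix matching with the lowest distance as tie-breaker.

```python
import ipaddress

# Constructed sample data (documentation address ranges), not taken from the page.
# Keys mirror the CLI options: destination, gateway, distance.
INTERFACES = {"port1": "192.0.2.10/24", "port2": "198.51.100.10/24"}
ROUTES = [
    {"id": 1, "destination": "10.20.0.0/16", "gateway": "192.0.2.1", "distance": 10},
    {"id": 2, "destination": "10.20.30.0/24", "gateway": "198.51.100.1", "distance": 10},
    {"id": 3, "destination": "172.16.0.0/12", "gateway": "203.0.113.1", "distance": 10},
]


def audit_routes(routes, interfaces):
    """Return findings: gateways outside every interface subnet, missing default route."""
    nets = [ipaddress.ip_interface(addr).network for addr in interfaces.values()]
    findings = []
    for r in routes:
        gw = ipaddress.ip_address(r["gateway"])
        if not any(gw in net for net in nets):
            findings.append(f"route {r['id']}: gateway {gw} is not in any interface subnet")
    dests = {ipaddress.ip_network(r["destination"]) for r in routes}
    for version, default in ((4, "0.0.0.0/0"), (6, "::/0")):
        in_use = any(net.version == version for net in nets)
        if in_use and ipaddress.ip_network(default) not in dests:
            findings.append(f"no default route {default}: unmatched packets are null routed")
    return findings


def lookup(routes, dst):
    """Assumed selection: longest prefix, then lowest distance. None means no match."""
    ip = ipaddress.ip_address(dst)
    matches = [r for r in routes if ip in ipaddress.ip_network(r["destination"])]
    return min(
        matches,
        key=lambda r: (-ipaddress.ip_network(r["destination"]).prefixlen, r["distance"]),
        default=None,
    )


if __name__ == "__main__":
    for finding in audit_routes(ROUTES, INTERFACES):
        print("FINDING:", finding)
    for dst in ("10.20.30.5", "10.20.1.1", "203.0.113.50"):
        hit = lookup(ROUTES, dst)
        print(dst, "->", f"route {hit['id']} via {hit['gateway']}" if hit else "no route (dropped)")
```

Running the audit before and after a routing change shows whether a new destination falls into a gap or is covered by the default route.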