Basic Networking : Configuring static routes
Configuring static routes
Network systems maintain route tables to determine where to forward TCP/IP packets. Routes for outbound traffic are chosen according to the following priorities:
1. Link local routes—Self-traffic uses link local routes.
2. LLB Link Policy route—Configured policy routes have priority over default routes.
3. Policy route—Configured policy routes have priority over default routes.
4. Static route / ISP route / OSPF route—Priority is based on the distance metric. By default, distance for static routes is 10, for ISP routes is 20, and for OSPF routes is 110. The distance metric is configurable for static routes and OSPF routes, but not ISP routes.
5. Default LLB Link Policy route—Default routes have lower priority than configured routes.
6. Default static route / OSPF route—Default routes have lower priority than configured routes.
The system evaluates content route rules first, then policy routes, then static routes. The packets are routed to the first route that matches. The static route table, therefore, is the one that must include a “default route” to be used when no more specific route has been determined.
Static routes specify the IP address of a next-hop router that is reachable from that network interface. Routers are aware of which IP addresses are reachable through various network pathways, and can forward those packets along pathways capable of reaching the packets’ ultimate destinations. The FortiADC system itself does not need to know the full route, as long as the routers can pass along the packet.
You must configure at least one static route that points to a router, often a router that is the gateway to the Internet. You might need to configure multiple static routes if you have multiple gateway routers, redundant ISP links, or other special routing cases.
Before you begin:
You must have Read-Write permission for System settings.
To configure a static route:
1. Go to Networking > Routing.
The configuration page displays the Static tab.
2. Click Add to display the configuration editor.
3. Complete the configuration as described in Table 79.
4. Save the configuration.
Table 79: Static route configuration
Address/mask notation to match the destination IP in the packet header.
Specify or ::/0 to set a default route for all packets.
It is a best practice to include a default route. If there is no other, more specific static route defined for a packet’s destination IP address, a default route will match the packet, and pass it to a gateway router so that any packet can reach its destination.
If you do not define a default route, and if there is a gap in your routes where no route matches a packet’s destination IP address, packets passing through the FortiADC towards those IP addresses will, in effect, be null routed. While this can help to ensure that unintentional traffic cannot leave your FortiADC and therefore can be a type of security measure, the result is that you must modify your routes every time that a new valid destination is added to your network. Otherwise, it will be unreachable. A default route ensures that this kind of locally-caused “destination unreachable” problem does not occur.
Specify the IP address of the next-hop router where the FortiADC system will forward packets for this static route. This router must know how to route packets to the destination IP addresses that you have specified, or forward packets to another router with this information.
For a direct Internet connection, this will be the router that forwards traffic towards the Internet, and could belong to your ISP.
The gateway must be in the same subnet as the interface used to reach it.
The default administrative distance is 10, which makes it preferred to OSPF routes that have a default of 110. We recommend you do not change these settings unless your deployment has exceptional requirements.
To configure a static route using the CLI:
config router static
edit 1
set destination <ip address/netmask>
set gateway <ip address>
set distance <value>