route-map
Use this command to add, edit, or delete route maps. To use route maps to limit the number of received or advertised BGP and RIP routes and routing updates, see “Using route maps with BGP” and, for RIP, “config redistribute”.
Route maps provide a way for the FortiGate unit to evaluate optimum routes for forwarding packets or suppressing the routing of packets to particular destinations. Compared to access lists, route maps support enhanced packet-matching criteria. In addition, route maps can be configured to permit or deny the addition of routes to the FortiGate unit routing table and make changes to routing information dynamically as defined through route-map rules.
The FortiGate unit compares the rules in a route map to the attributes of a route. The rules are examined in ascending order until one or more of the rules in the route map are found to match one or more of the route attributes:
When a single matching match-* rule is found, changes to the routing information are made as defined through the rule’s set-ip-nexthop, set-metric, set-metric-type, and/or set-tag settings.
If no matching rule is found, no changes are made to the routing information.
When more than one match-* rule is defined, all of the defined match-* rules must evaluate to TRUE or the routing information is not changed.
If no match-* rules are defined, the FortiGate unit makes changes to the routing information only when all of the default match-* rules happen to match the attributes of the route.
The default rule in the route map (which the FortiGate unit applies last) denies all routes. For a route map to take effect, it must be called by a FortiGate unit routing process.
 
Any fields and rules that do not appear here can be found in the BGP route-map section. See “Using route maps with BGP”.
Syntax
config router route-map
    edit <route_map_name>
        set comments <string>
        config rule
            edit <route_map_rule_id>
                set action {deny | permit}
                set match-interface <name_str>
                set match-ip-address <access/prefix-listname_str>
                set match-ip-nexthop <access/prefix-listname_str>
                set match-metric <metric_integer>
                set match-route-type {1 | 2}
                set match-tag <tag_integer>
                set set-ip-nexthop <address_ipv4>
                set set-metric <metric_integer>
                set set-metric-type {1 | 2}
                set set-tag <tag_integer>
        end
end
All fields are optional.
Variables

edit <route_map_name>
    Enter a name for the route map.
    Default: No default.

comments <string>
    Enter a description for this route map name.
    Default: No default.

config rule variables

edit <route_map_rule_id>
    Enter an entry number for the rule. The number must be an integer.
    Default: No default.

action {deny | permit}
    Enter permit to permit routes that match this rule. Enter deny to deny routes that match this rule.
    Default: permit

match-interface <name_str>
    Enter the name of the local FortiGate unit interface that will be used to match route interfaces.
    Default: Null

match-ip-address <access/prefix-listname_str>
    Match a route if the destination address is included in the specified access list or prefix list.
    Default: Null

match-ip6-address <access/prefix-listname_str>
    Match a route if the destination IPv6 address is included in the specified access6 list or prefix6 list.
    Default: Null

match-ip-nexthop <access/prefix-listname_str>
    Match a route that has a next-hop router address included in the specified access list or prefix list.
    Default: Null

match-ip6-nexthop <access/prefix-listname_str>
    Match a route that has a next-hop router address included in the specified access6 list or prefix6 list.
    Default: Null

match-metric <metric_integer>
    Match a route with the specified metric. The metric can be a number from 1 to 16.
    Default: 0

match-route-type {1 | 2}
    Match a route that has the external type set to 1 or 2.
    Default: external-type1

match-tag <tag_integer>
    This field is available when set-tag is set.
    Match a route that has the specified tag.
    Default: 0

set-ip-nexthop <address_ipv4>
    Set the next-hop router address for a matched route.
    Default: 0.0.0.0

set-ip6-nexthop <address_ipv6>
    Set the next-hop router IPv6 address for a matched route.
    Default: ::0

set-ip6-nexthop-local <address_ipv6>
    Set the next-hop router local IPv6 address for a matched route.
    Default: ::0

set-metric <metric_integer>
    Set a metric value of 1 to 16 for a matched route.
    Default: 0

set-metric-type {1 | 2}
    Set the type for a matched route.
    Default: external-type1

set-tag <tag_integer>
    Set a tag value for a matched route.
    Default: 0

Example
This example shows how to add a route map list named rtmp2 with two rules. The first rule denies routes that match the IP addresses in an access list named acc_list2. The second rule permits routes that match a metric of 2 and changes the metric to 4.
config router route-map
    edit rtmp2
        config rule
            edit 1
                set match-ip-address acc_list2
                set action deny
            next
            edit 2
                set match-metric 2
                set action permit
                set set-metric 4
        end
end
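
The evaluation order described earlier (rules examined in ascending order, every defined match-* field must be TRUE, default deny applied last), modelled in Python against the rtmp2 example. This is an added example, not Fortinet code: the contents of acc_list2, the sample routes, and the function names rule_matches and evaluate are assumptions, evaluation is assumed to stop at the first matching rule, and access-list matching is simplified to "destination falls inside a listed prefix".

```python
import ipaddress

# Constructed stand-in for acc_list2; its real contents are not on the page.
ACC_LIST2 = [ipaddress.ip_network("192.0.2.0/24")]

# The two rtmp2 rules from the example, keyed by rule ID.
RTMP2 = {
    1: {"action": "deny", "match-ip-address": ACC_LIST2},
    2: {"action": "permit", "match-metric": 2, "set-metric": 4},
}

def rule_matches(rule, route):
    """Every match-* field defined on the rule must be TRUE for the route."""
    checks = []
    if "match-ip-address" in rule:
        dest = ipaddress.ip_network(route["dest"])
        checks.append(any(dest.subnet_of(n) for n in rule["match-ip-address"]))
    if "match-metric" in rule:
        checks.append(route["metric"] == rule["match-metric"])
    if "match-tag" in rule:
        checks.append(route.get("tag", 0) == rule["match-tag"])
    # Simplification: a rule with no modelled match-* field never matches here.
    return bool(checks) and all(checks)

def evaluate(route_map, route):
    """Return (action, route, rule_id); rule_id None means the default deny."""
    for rule_id in sorted(route_map):            # ascending rule order
        rule = route_map[rule_id]
        if not rule_matches(rule, route):
            continue
        if rule["action"] == "deny":
            return "deny", route, rule_id
        changed = dict(route)
        for field in ("metric", "tag"):          # apply set-metric / set-tag
            if "set-" + field in rule:
                changed[field] = rule["set-" + field]
        return "permit", changed, rule_id
    return "deny", route, None                   # default rule, applied last

if __name__ == "__main__":
    # Constructed sample routes (documentation prefixes).
    for r in ({"dest": "192.0.2.128/25", "metric": 2},
              {"dest": "198.51.100.0/24", "metric": 2},
              {"dest": "198.51.100.0/24", "metric": 3}):
        action, out, rule_id = evaluate(RTMP2, r)
        print(r["dest"], "->", action, "metric", out["metric"], "rule", rule_id)
```

The third sample route matches neither rule 1 nor rule 2, so it falls through to the default rule and is denied with its metric unchanged.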