router : static
 
static
Use this command to add, edit, or delete static routes for IPv4 traffic. For IPv6 traffic, use the static6 command at router static6.
You add static routes to manually control traffic exiting the FortiGate unit. You configure routes by specifying destination IP addresses and network masks and adding gateways for these destination addresses. Gateways are the next-hop routers to which traffic that matches the destination addresses in the route are forwarded.
You can adjust the administrative distance of a route to indicate preference when more than one route to the same destination is available. The lower the administrative distance, the greater the preferability of the route. If the routing table contains several entries that point to the same destination (the entries may have different gateways or interface associations), the FortiGate unit compares the administrative distances of those entries, selects the entries having the lowest distances, and installs them as routes in the FortiGate unit forwarding table. Any ties are resolved by comparing the routes’ priority, with lowest priority being preferred. As a result, the FortiGate unit forwarding table only contains routes having the lowest distances to every possible destination.If both administrative distance and priority are tied for two or more routes, an equal cost multi-path (ECMP) situation occurs. ECMP is available to static and OSPF routing. By default in ECMP, a source IP address hash will be used to determine the selected route. This hash value is based on the pre-NATed source IP address. This method results in all traffic originating from the same source IP address always using the same path. This is the Source based ECMP option, with Weighted, and Spill-over being the other two optional methods. The option is determined by the CLI command set v4-ecmp-mode in config system setting. Source Based is the default method. Weighted ECMP uses the weight field to direct more traffic to routes with larger weights. In spill-over or usage-based ECMP, the FortiGate unit distributes sessions among ECMP routes based on how busy the FortiGate interfaces added to the routes are. For more information on ECMP, see system settings.
Syntax
config router static
edit <index-int>
set blackhole {enable | disable}
set device <interface_name>
set distance <distance>
set dst <destination-address_ipv4mask>
set dynamic-gateway {enable | disable}
set gateway <gateway-address_ipv4>
set priority <integer>
set weight <integer>
end
The dst and gateway fields are required when blackhole is disabled. When blackhole is enabled, the dst field is required. All other fields are optional.
Variable
Description
Default
edit <index-int>
Enter the unique ID number of this static route.
No default.
blackhole {enable | disable}
Enable or disable dropping all packets that match this route. This route is advertised to neighbors through dynamic routing protocols as any other static route.
disable
device <interface_name>
This field is available when blackhole is set to disable.
Enter the name of the FortiGate unit interface through which to route traffic. Use ‘?’ to see a list of interfaces.
Null
distance <distance>
Enter the administrative distance for the route. The distance value may influence route preference in the FortiGate unit routing table. The range is an integer from 1‑255. See also config system interface “distance <distance_integer>” on page 259.
10
dst <destination-address_ipv4mask>
Enter the destination IPv4 address and network mask for this route.
You can enter 0.0.0.0 0.0.0.0 to create a new static default route.
0.0.0.0 0.0.0.0
dynamic-gateway {enable | disable}
When enabled, dynamic-gateway hides the gateway variable for a dynamic interface, such as a DHCP or PPPoE interface. When the interface connects or disconnects, the corresponding routing entries are updated to reflect the change.
disable
gateway <gateway-address_ipv4>
This field is available when blackhole is set to disable.
Enter the IPv4 address of the next-hop router to which traffic is forwarded.
0.0.0.0
priority <integer>
The administrative priority value is used to resolve ties in route selection. In the case where both routes have the same priority, such as equal cost multi-path (ECMP), the IP source hash (based on the pre-NATed IP address) for the routes will be used to determine which route is selected.The priority range is an integer from 0 to 4294967295. Lower priority routes are preferred routes.
This field is only accessible through the CLI.
0
weight <integer>
Add weights to ECMP static routes if the ECMP route failover and load balance method is set to weighted.
Enter weights for ECMP routes. More traffic is directed to routes with higher weights.
This option is available when the v4-ecmp-mode field of the config system settings command is set to weight-based. For more information, see system settings.
0