Static Route Router Static
FortiGate Version 4.0 MR1 Administration Guide
338 01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
Blackhole routes can also limit traffic on a subnet. If some subnet addresses are not in
use, traffic to those addresses (traffic which may be valid or malicious) can be directed to
a blackhole for added security and to reduce traffic on the subnet.
The loopback interface, a virtual interface that does not forward traffic, was added to
enable easier configuration of blackhole routing. Similar to a normal interface, this
loopback interface has fewer parameters to configure, and all traffic sent to it stops there.
Since it cannot have hardware connection or link status problems, it is always available,
making it useful for other dynamic routing roles. Once configured, you can use a loopback
interface in firewall policies, routing, and other places that refer to interfaces. You
configure this feature only from the CLI. For more information, see the system chapter of
the FortiGate CLI Reference.
Static Route
You configure static routes by defining the destination IP address and netmask of packets
that you intend the FortiGate unit to intercept, and by specifying a (gateway) IP address
for those packets. The gateway address specifies the next-hop router to which traffic will
be routed.
Working with static routes
The Static Route list displays information that the FortiGate unit compares to packet
headers in order to route packets. Initially, the list contains the factory configured static
default route. For more information, see “Default route and default gateway” on page 340.
You can add new entries manually.
When you add a static route to the Static Route list, the FortiGate unit performs a check to
determine whether a matching route and destination already exist in the FortiGate routing
table. If no match is found, the FortiGate unit adds the route to the routing table.
When IPv6 is enabled in the GUI, IPv6 routes are visible on the Static Route list.
Otherwise, IPv6 routes are not displayed. For more information on IPv6, see “FortiGate
IPv6 support” on page 289.
To view the static route list, go to Router > Static > Static Route.
Figure 177 shows the static route list belonging to a FortiGate unit that has interfaces
named “port1” and “port2”. The names of the interfaces on your FortiGate unit may be
different.
Note: You can use the config router static6 CLI command to add, edit, or delete
static routes for IPv6 traffic. For more information, see the “router” chapter of the FortiGate
CLI Reference.
Note: Unless otherwise specified, static route examples and procedures are for IPv4 static
routes.
To Next Page
Loading...
Need help?
General
