Created on 06-15-2010 06:05 AM Edited on 06-09-2022 08:51 PM By Anonymous
Description
This article describes a solution for the occasional requirement where a FortiGate has multiple identical routes configured with the same next-hop but on different interfaces.
This scenario is illustrated in the following diagram.
                              ISP1
                 [ ] port1 --[ L2 switch ]-- [ router1 ] == INTERNET
LAN ===[ FortiGate ] port2 --[ L2 switch ]-- [ router1 ]
                 [ ]
                 [ ] port5 --[ PPPoE ]---- [ router2 ] == INTERNET
                 [ ] port6 --[ PPPoE ]---- [ router2 ]
                              ISP2
Assumptions and requirements:
The related articles at the end of this document contain more details about next-hop validity and dual link scenario.
Scope
Example provided for FortiOS 4.0 MR2.
Solution
The following CLI configuration will apply to this network scenario:
config system settings
    set allow-subnet-overlap enable    <<< this is for port1 and port2
end
config system interface
    edit "port1"
        set vdom "root"
        set ip 192.168.182.136 255.255.254.0
        set allowaccess ping https ssh http telnet
        set type physical
    next
    edit "port2"
        set vdom "root"
        set ip 192.168.182.137 255.255.254.0
        set allowaccess ping
        set type physical
    next
    edit "port5"
        set vdom "root"
        set mode pppoe
        set allowaccess ping
        set type physical
        set username "username"
        set password ENC <pass>
        set defaultgw enable
    next
    edit "port6"
        set vdom "root"
        set mode pppoe
        set allowaccess ping
        set type physical
        set username "username"
        set password ENC <pass>
        set defaultgw enable
    next
end
config router static
    edit 1
        set device "port1"
        set distance 5
        set gateway 192.168.183.254
    next
    edit 2
        set device "port2"
        set distance 5
        set gateway 192.168.183.254
    next
end
FGT# get router info routing-table all
S*      0.0.0.0/0 [5/0] via 172.31.231.254, ppp0
                  [5/0] via 172.31.231.254, ppp1
                  [5/0] via 192.168.183.254, port1
                  [5/0] via 192.168.183.254, port2
C       172.31.230.20/32 is directly connected, ppp0
C       172.31.230.21/32 is directly connected, ppp1
C       172.31.231.254/32 is directly connected, ppp1
                          is directly connected, ppp0
C       192.168.182.0/23 is directly connected, port2
                         is directly connected, port1
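As an added example (not part of the original article or any Fortinet tooling), the Python below parses the routing-table text shown above and checks that every path for a prefix is equal cost and that each gateway is installed on more than one interface. The function names are hypothetical, and the sample input is the article's own output.

```python
import re
from collections import defaultdict

# Routing-table text copied from the article's output above.
SAMPLE = """\
S*      0.0.0.0/0 [5/0] via 172.31.231.254, ppp0
                  [5/0] via 172.31.231.254, ppp1
                  [5/0] via 192.168.183.254, port1
                  [5/0] via 192.168.183.254, port2
C       172.31.230.20/32 is directly connected, ppp0
C       172.31.230.21/32 is directly connected, ppp1
C       172.31.231.254/32 is directly connected, ppp1
                          is directly connected, ppp0
C       192.168.182.0/23 is directly connected, port2
                         is directly connected, port1
"""

PREFIX = re.compile(r"^\S+\s+(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)")
VIA = re.compile(r"\[(?P<dist>\d+)/(?P<metric>\d+)\] via (?P<gw>[\d.]+), (?P<dev>\S+)")


def parse_paths(text):
    """Return {prefix: [(distance, metric, gateway, device), ...]} for 'via' routes."""
    routes, current = defaultdict(list), None
    for line in text.splitlines():
        head = PREFIX.match(line)       # continuation lines start with spaces, so no match
        if head:
            current = head.group("prefix")
        hop = VIA.search(line)          # connected routes have no 'via' and are skipped
        if hop and current:
            routes[current].append((int(hop["dist"]), int(hop["metric"]), hop["gw"], hop["dev"]))
    return dict(routes)


def check_ecmp(paths):
    """Summarise one prefix: are all paths equal cost, and which gateways repeat?"""
    by_gw = defaultdict(list)
    for _dist, _metric, gw, dev in paths:
        by_gw[gw].append(dev)
    return {
        "equal_cost": len({(d, m) for d, m, _, _ in paths}) == 1,
        "shared_gateways": {gw: devs for gw, devs in by_gw.items() if len(devs) > 1},
    }


if __name__ == "__main__":
    for prefix, paths in parse_paths(SAMPLE).items():
        print(prefix, check_ecmp(paths))
```

If one of the static routes is missing from the table, its gateway drops out of `shared_gateways`, which makes the check usable after an interface or link change.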
Related Articles