JohnDevNet_FTNT
Article Id 196767

Description

Sometimes it is required to redistribute all static routes without redistributing the default route.

Here, a FortiGate unit is receiving 5 routes and a default route via the RIP protocol.

Filter the default route when redistributing static routes into RIP.

CENTRAL-SITE # get router info routing-table rip
R*      0.0.0.0/0 [120/2] via 11.11.11.2, port1, 00:00:20
R       1.1.1.1/32 [120/2] via 11.11.11.2, port1, 01:20:22
R       2.2.2.2/32 [120/2] via 11.11.11.2, port1, 01:20:22
R       3.3.3.3/32 [120/2] via 11.11.11.2, port1, 01:20:22
R       4.4.4.4/32 [120/2] via 11.11.11.2, port1, 01:20:22
R       192.168.200.0/24 [120/2] via 11.11.11.2, port1, 04:12:36

Note: This FortiGate unit is receiving the routes. Filtering will be configured on the device that is redistributing the static routes.


Solution

1) Create a prefix list to filter the default route and permit all other routes:

# config router prefix-list
    edit "PREFIX-DEFAULT-ROUTE"
        config rule
            edit 1
                set action deny
                set prefix 0.0.0.0 0.0.0.0
                unset ge
                unset le
            next
            edit 2
                set prefix 0.0.0.0 0.0.0.0
                unset ge
                set le 32
            next
        end
    next
end

2) Create a route map and use the prefix list created in step one:

BRANCH-OFFICE # show router route-map
config router route-map
    edit "RM-REDISTRIBUTE-STATIC-RIP"
        config rule
            edit 1
                set match-ip-address "PREFIX-DEFAULT-ROUTE"
            next
        end
    next
end

3) Apply the route map to static redistribution as below:

# config router rip
    config redistribute "static"
        set status enable
        set routemap "RM-REDISTRIBUTE-STATIC-RIP"
    end
end
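
Added example (not part of the original article): a small Python model of how the prefix list from step 1 is evaluated against the static routes, showing why both rules are needed. It assumes FortiOS applies conventional first-match prefix-list semantics with an implicit deny; the function names and the STATIC_ROUTES sample are constructed for illustration.

```python
import ipaddress

# Rules transcribed from PREFIX-DEFAULT-ROUTE in step 1: (action, prefix, ge, le).
# None means "unset". Rule 2 sets no action on the page; "permit" follows the
# step's description ("permit all other routes").
PREFIX_DEFAULT_ROUTE = [
    ("deny", "0.0.0.0/0", None, None),   # exact match on the default route only
    ("permit", "0.0.0.0/0", None, 32),   # any prefix with length 0..32
]

# Constructed sample: the static routes on the redistributing unit, taken from
# the RIP table shown in the Description.
STATIC_ROUTES = ["0.0.0.0/0", "1.1.1.1/32", "2.2.2.2/32", "3.3.3.3/32",
                 "4.4.4.4/32", "192.168.200.0/24"]


def rule_matches(route, prefix, ge, le):
    """Conventional prefix-list match (assumed to be what FortiOS applies)."""
    route = ipaddress.ip_network(route)
    prefix = ipaddress.ip_network(prefix)
    if not route.subnet_of(prefix):
        return False
    if ge is None and le is None:
        # No range given: the prefix length must match exactly.
        return route.prefixlen == prefix.prefixlen
    low = ge if ge is not None else prefix.prefixlen
    high = le if le is not None else route.max_prefixlen
    return low <= route.prefixlen <= high


def evaluate(prefix_list, route):
    """Return the action of the first matching rule; no match is a deny."""
    for action, prefix, ge, le in prefix_list:
        if rule_matches(route, prefix, ge, le):
            return action
    return "deny"


def redistributed(prefix_list, static_routes):
    """Routes that pass the prefix list and would be redistributed into RIP."""
    return [r for r in static_routes if evaluate(prefix_list, r) == "permit"]


if __name__ == "__main__":
    print("both rules :", redistributed(PREFIX_DEFAULT_ROUTE, STATIC_ROUTES))
    # Without rule 2 the implicit deny drops every route, not just the default.
    print("rule 1 only:", redistributed(PREFIX_DEFAULT_ROUTE[:1], STATIC_ROUTES))
    # Without rule 1 the "le 32" rule also matches 0.0.0.0/0, so it leaks.
    print("rule 2 only:", redistributed(PREFIX_DEFAULT_ROUTE[1:], STATIC_ROUTES))
```

Rule order matters in this model: swapping the two rules lets the default route match the permit rule first.
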
Verification:

After the configuration is applied, the default route is no longer received on this FortiGate. See below:

CENTRAL-SITE # get router info routing-table rip

R       1.1.1.1/32 [120/2] via 11.11.11.2, port1, 01:31:04
R       2.2.2.2/32 [120/2] via 11.11.11.2, port1, 01:31:04
R       3.3.3.3/32 [120/2] via 11.11.11.2, port1, 01:31:04
R       4.4.4.4/32 [120/2] via 11.11.11.2, port1, 01:31:04
R       192.168.200.0/24 [120/2] via 11.11.11.2, port1, 04:23:18

 
