FortiGate
ciordan
Staff
Article Id 193614

Description

 

This article describes how to configure a static route with address objects or address groups.

 

Scope

 

FortiGate.


Solution

 

Configure a standard address through the GUI under Policy & Objects, specifying the name, type, and subnet:


 

 
CLI view of the created address object:
 
# sh firewall address Test_range
config firewall address
    edit "Test_range"
        set uuid 1e123290-e041-51e9-b531-e5c4e2980e1a
        set subnet 10.0.0.0 255.255.255.0
    next
end
 
Configure a standard address group in the GUI under Policy & Objects, specifying the name and the members:
 
 
CLI view of the created address group:
 
# sh firewall addrgrp Test_group
config firewall addrgrp
    edit "Test_group"
        set uuid dd0497ce-e041-51e9-1b4e-bc11d7cc083c
        set member "Test_range"
    next
end
 
If a static route is configured at this point with an address object or group as the destination, no entries are offered for 'set dstaddr', because allow-routing has not yet been enabled on the objects:
 
# conf router static

# edit 1
new entry '1' added

# set dstaddr
<string>    please input string value

# set dstaddr
 
Enable static route configuration from the GUI or add 'set allow-routing enable' from the CLI for the address object or address group:
 
 
 
# sh firewall address Test_range
config firewall address
    edit "Test_range"
        set uuid 1e123290-e041-51e9-b531-e5c4e2980e1a
        set allow-routing enable
        set subnet 10.0.0.0 255.255.255.0
    next
end
 
 
# sh firewall addrgrp Test_group
config firewall addrgrp
    edit "Test_group"
        set uuid dd0497ce-e041-51e9-1b4e-bc11d7cc083c
        set member "Test_range"
        set allow-routing enable
    next
end
 
With allow-routing enabled, the address object and the address group are offered as available entries for 'set dstaddr' when the static route is configured:
 
# conf router static
# edit 1

# set dstaddr
<string>    please input string value
Test_range      address
Test_group      addrgrp

# set dstaddr
 
The configured static route can be checked in the GUI under Network -> Static Routes, or in the CLI with 'show router static':
 
 
 
# sh router static
config router static
    edit 1
        set gateway 192.168.1.1
        set device "wan1"
        set dstaddr "Test_group"
    next
end
 

Verification:


# get router info routing-table details 10.0.0.0

Routing table for VRF=0
Routing entry for 10.0.0.0/24
Known via "static", distance 10, metric 0, best
* vrf 0 192.168.1.1, via port1
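
An offline check of the rule described above, as an added example that is not part of the original article or of any Fortinet tooling: this Python script parses flat config/edit/set blocks from a saved configuration excerpt and reports static routes whose dstaddr object does not have allow-routing enabled. The sample configuration is constructed; the object "No_route" and route 2 are hypothetical, and nested config blocks are not handled.

```python
import shlex

# Constructed sample based on the article's objects; "No_route" and route 2 are hypothetical.
SAMPLE = '''
config firewall address
    edit "Test_range"
        set allow-routing enable
    next
    edit "No_route"
        set subnet 10.0.1.0 255.255.255.0
    next
end
config firewall addrgrp
    edit "Test_group"
        set member "Test_range"
        set allow-routing enable
    next
end
config router static
    edit 1
        set dstaddr "Test_group"
    next
    edit 2
        set dstaddr "No_route"
    next
end
'''

def parse(text):
    """Parse flat config/edit/set blocks into {section: {entry: {key: [values]}}}."""
    cfg, section, entry = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("config "):
            section = cfg.setdefault(line[7:], {})
        elif line.startswith("edit ") and section is not None:
            entry = section.setdefault(line[5:].strip('"'), {})
        elif line.startswith("set ") and entry is not None:
            key, *values = shlex.split(line[4:])
            entry[key] = values
        elif line in ("next", "end"):
            entry = None
    return cfg

def audit(text):
    """Return (route id, object) pairs whose dstaddr lacks 'allow-routing enable'."""
    cfg = parse(text)
    objects = {**cfg.get("firewall address", {}), **cfg.get("firewall addrgrp", {})}
    return [(rid, name) for rid, route in cfg.get("router static", {}).items()
            for name in route.get("dstaddr", [])
            if objects.get(name, {}).get("allow-routing") != ["enable"]]
```

Calling audit(SAMPLE) flags route 2, which points at "No_route"; route 1 passes because "Test_group" has allow-routing enabled.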