Created on 09-22-2020 01:06 AM Edited on 03-27-2024 02:35 AM By Jean-Philippe_P
Description
This article describes how to configure VRF (virtual routing and forwarding) IDs directly on the interface from the GUI.
Scope
FortiGate versions 6.0 and 6.2 only support VRF configuration through the CLI. Versions 6.4.2 and later add GUI support. In FortiOS 7.2.1, the number of VRFs per VDOM increased from 32 to 64 to support large SD-WAN, VPN, and BGP deployments. Up to 64 VRFs can be configured per VDOM on devices that support 200 VDOMs.
The VRF ID range has changed to 0 - 63, but this applies only to devices running FortiOS 7.2.1 or later.
Starting from FortiOS v7.2.4, the number of VRFs per VDOM has been increased to 252.
Solution
VRF IDs can be displayed in the routing monitor and can be used to create black hole static routes.
VRF allows multiple routing table instances to co-exist on the same router.
One or more interfaces have a VRF, and packets are only forwarded between interfaces with the same VRF.
Enable Advanced Routing in System -> Feature Visibility to use this feature.
Configure a VRF ID from the GUI:
Configure a VRF ID from the CLI:
config system interface
edit test_interface
...
set vrf 14
next
end
Add a blackhole static route using the VRF ID.
config router static
edit 3
set dst 8.8.8.8 255.255.255.255
set blackhole enable
set vrf 14
next
end
There is no need to assign VRF 14 in the static route configuration for 'test_interface'.
All routes relating to interface 'test_interface' are automatically isolated to the VRF 14 routing table.
However, to create blackhole static routes in VRF 14, VRF 14 must be specified in the static route configuration, because a blackhole route is never bound to an interface.
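Because a blackhole route has no interface to inherit a VRF from, one that omits 'set vrf' does not end up in the VRF it was meant to protect. The following Python check is an added example, not Fortinet code: it reads a configuration excerpt, maps interfaces to VRF IDs, and lists blackhole static routes with no explicit VRF. The function names and the sample configuration are constructed for illustration, and it assumes that entries without 'set vrf' belong to VRF 0.

```python
SAMPLE_CONFIG = """\
config system interface
    edit "test_interface"
        set vrf 14
    next
    edit "port2"
    next
end
config router static
    edit 3
        set dst 8.8.8.8 255.255.255.255
        set blackhole enable
        set vrf 14
    next
    edit 4
        set dst 192.0.2.0 255.255.255.0
        set blackhole enable
    next
end
"""  # constructed sample, not taken from a real device

def parse_sections(text):  # top-level config/edit/set only; nested sub-tables skipped
    sections, stack, entry = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("config "):
            stack.append(line[7:])
        elif line == "end" and stack:
            stack.pop()
        elif len(stack) == 1 and line.startswith("edit "):
            entry = sections.setdefault(stack[0], {}).setdefault(line[5:].strip('"'), {})
        elif len(stack) == 1 and line.startswith("set ") and entry is not None:
            key, _, value = line[4:].partition(" ")
            entry[key] = value
        elif len(stack) == 1 and line == "next":
            entry = None
    return sections

def audit_vrf(text):
    # Assumption: an interface or static route without 'set vrf' is in VRF 0.
    cfg = parse_sections(text)
    by_vrf = {}
    for name, opts in cfg.get("system interface", {}).items():
        by_vrf.setdefault(int(opts.get("vrf", 0)), []).append(name)
    unscoped = [rid for rid, opts in cfg.get("router static", {}).items()
                if opts.get("blackhole") == "enable" and "vrf" not in opts]
    return by_vrf, unscoped

if __name__ == "__main__":
    vrfs, unscoped = audit_vrf(SAMPLE_CONFIG)
    print("interfaces per VRF:", vrfs, "| blackhole routes without 'set vrf':", unscoped)
```

In the sample, static route 4 is reported because it would not apply to traffic in VRF 14.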
Command to check the routing tables of all VRFs:
get router info routing-table all
Command to check a specific VRF routing table:
get router info routing-table all vrf <VRF_ID>
get router info routing-table all vrf 14
get router info routing-table all vrf 0
Command to check a specific VRF routing table database:
get router info routing-table database vrf <VRF_ID>
get router info routing-table database vrf 14
get router info routing-table database vrf 0
Likewise, if OSPF is configured on an interface in a VRF, verify the OSPF routes for that VRF using:
get router info routing-table ospf vrf <VRF_ID>