rmetzger
Staff
Article Id 193450

Description

This article describes a solution for the specific or occasional requirement where a FortiGate has multiple identical routes configured with the same next-hop on different interfaces.

This scenario is illustrated in the following diagram.

                                                  ISP1
       [            ] port1 --[ L2 switch ]-- [ router1 ] == INTERNET
LAN ===[ FortiGate  ] port2 --[ L2 switch ]-- [ router1 ]
       [            ]
       [            ] port5 --[  PPPoE  ]---- [ router2 ] == INTERNET
       [            ] port6 --[  PPPoE  ]---- [ router2 ]

                                                  ISP2

Assumptions and requirements:

  • To reach the Internet, four default routes are used in this example.
  • router1 is the next-hop from ISP1, configured with two static default routes via port1 and port2. This assumes that port1 and port2 are in the same subnet, since the next-hop is the same (see the related articles about next-hop validity).
  • port5 and port6 are connected to the same ISP (ISP2) over PPPoE and may therefore acquire the same default gateway, router2.

The related articles at the end of this document contain more details about next-hop validity and dual-link scenarios.


Scope

Example provided for FortiOS 4.0 MR2.

Solution

The following CLI configuration applies to this network scenario:

config system settings
    set allow-subnet-overlap enable     <<< required because port1 and port2 share the same subnet
end

config system interface
    edit "port1"
        set vdom "root"
        set ip 192.168.182.136 255.255.254.0
        set allowaccess ping https ssh http telnet
        set type physical
    next
    edit "port2"
        set vdom "root"
        set ip 192.168.182.137 255.255.254.0
        set allowaccess ping
        set type physical
    next
    edit "port5"
        set vdom "root"
        set mode pppoe
        set allowaccess ping
        set type physical
        set username "username"
        set password ENC <pass>
        set defaultgw enable
    next
    edit "port6"
        set vdom "root"
        set mode pppoe
        set allowaccess ping
        set type physical
        set username "username"
        set password ENC <pass>
        set defaultgw enable
    next
end

config router static
    edit 1
        set device "port1"
        set distance 5
        set gateway 192.168.183.254
    next
    edit 2
        set device "port2"
        set distance 5
        set gateway 192.168.183.254
    next
end

Routing table verification

The following output shows the four default routes, with each next-hop appearing twice (once per interface):

FGT# get router info routing-table all

S*      0.0.0.0/0 [5/0] via 172.31.231.254, ppp0
                  [5/0] via 172.31.231.254, ppp1
                  [5/0] via 192.168.183.254, port1
                  [5/0] via 192.168.183.254, port2
C       172.31.230.20/32 is directly connected, ppp0
C       172.31.230.21/32 is directly connected, ppp1
C       172.31.231.254/32 is directly connected, ppp1
                          is directly connected, ppp0
C       192.168.182.0/23 is directly connected, port2
                         is directly connected, port1
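To verify this condition on a routing table dump rather than by eye, the following Python script (an added example, not Fortinet code) parses the output format of `get router info routing-table all` as shown above, including the indented continuation lines, and reports every prefix/gateway pair reachable through more than one interface. The sample input is the article's own table, embedded as a constructed string.

```python
import re
from collections import defaultdict

# Constructed sample: the routing table shown in this article (FortiOS 4.0 MR2 format).
SAMPLE = """\
S*      0.0.0.0/0 [5/0] via 172.31.231.254, ppp0
                  [5/0] via 172.31.231.254, ppp1
                  [5/0] via 192.168.183.254, port1
                  [5/0] via 192.168.183.254, port2
C       172.31.230.20/32 is directly connected, ppp0
C       172.31.230.21/32 is directly connected, ppp1
C       172.31.231.254/32 is directly connected, ppp1
                          is directly connected, ppp0
C       192.168.182.0/23 is directly connected, port2
                         is directly connected, port1
"""

# A route header starts in column 0 with the code (S*, C, ...) and prefix; extra paths follow indented.
HEADER_RE = re.compile(r"^(?P<code>\S+)\s+(?P<prefix>\d+(?:\.\d+){3}/\d+)\s+(?P<rest>.*)$")
VIA_RE = re.compile(r"\[(?P<dist>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<gw>\S+),\s+(?P<dev>\S+)")
CONNECTED_RE = re.compile(r"is directly connected,\s+(?P<dev>\S+)")

def parse_routing_table(text):
    """Return {prefix: [(gateway or None for connected, device, distance), ...]}."""
    routes = defaultdict(list)
    prefix = None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            prefix, rest = m.group("prefix"), m.group("rest")
        elif prefix is None:
            continue  # stray continuation line with no preceding header
        else:
            rest = line.strip()  # continuation line: another path for the current prefix
        v = VIA_RE.search(rest)
        c = CONNECTED_RE.search(rest)
        if v:
            routes[prefix].append((v.group("gw"), v.group("dev"), int(v.group("dist"))))
        elif c:
            routes[prefix].append((None, c.group("dev"), 0))
    return dict(routes)

def duplicate_paths(routes):
    """(prefix, gateway) -> interfaces, for pairs seen on more than one interface (same next-hop twice, or subnet overlap)."""
    by_key = defaultdict(list)
    for prefix, paths in routes.items():
        for gw, dev, _ in paths:
            by_key[(prefix, gw)].append(dev)
    return {k: devs for k, devs in by_key.items() if len(devs) > 1}
```

A connected prefix reported on two interfaces (here 192.168.182.0/23 on port1 and port2) is exactly the overlap that requires allow-subnet-overlap to be enabled.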


Related Articles

Technical Tip: FortiGate routing table conditions

Technical Note: Configuring link redundancy - Traffic load-balancing / load-sharing - ECMP (Equal Co...
