Technical Tip: Connected route not displayed in routing-table despite interface in different VRF

Consider having two interfaces configured as follow: 

# config system interface
    edit "wan1"
        set vdom "root"

        set vrf 2
        set mode dhcp
        set type physical
        set role wan
        set snmp-index 2
    next
end

# config system interface
    edit "wan2"
        set vdom "root"

        set vrf 0
        set ip 192.168.1.1 255.255.255.0
        set allowaccess ping fgfm
        set type physical
        set role wan
        set snmp-index 2
    next
end

Both interfaces are configured in different VRFs. 

wan1 is configured to get IP address via DHCP, while wan2 is configured with a static IP address. 

If wan1 ends up receiving the same subnet as wan2, the connected route for one would not show in the routing table, even if it is in different VRFs.

# get router info routing-table details

Routing table for VRF=0
S* 0.0.0.0/0 [10/0] via 10.1.10.1, internal, [1/0]
C 10.1.10.0/24 is directly connected, internal

Routing table for VRF=2
S* 0.0.0.0/0 [5/0] via 192.168.1.2, wan1, [1/0]
C 192.168.1.0/24 is directly connected, wan1

FortiGate does not allow having to the same subnet on different interfaces with default config. As in the above case, since it was received via DHCP, FortiGate configured it on wan1 but only one route showed up in the routing table as connected.

In such cases, it is suggested to configure 'set allow-subnet-overlap'.

 # config system settings
(settings) # set allow-subnet-overlap enable 
(settings) # end

This will allow both connected routes in the routing table.

# get router info routing-table details

Routing table for VRF=0
S* 0.0.0.0/0 [10/0] via 10.1.10.1, internal, [1/0]
C 10.1.10.0/24 is directly connected, internal

C 192.168.1.0/24 is directly connected, wan2

Routing table for VRF=2
S* 0.0.0.0/0 [5/0] via 192.168.1.2, wan1, [1/0]
C 192.168.1.0/24 is directly connected, wan1