Static Route
Router Static
FortiGate Version 4.0 Administration Guide
280
01-400-89802-20090424
Blackhole routes can also limit traffic on a subnet. If some subnet addresses are not in
use, traffic to those addresses (traffic which may be valid or malicious) can be directed to
a blackhole for added security and to reduce traffic on the subnet.
The loopback interface, a virtual interface that does not forward traffic, was added to
enable easier configuration of blackhole routing. Similar to a normal interface, this
loopback interface has fewer parameters to configure, and all traffic sent to it stops there.
Since it cannot have hardware connection or link status problems, it is always available,
making it useful for other dynamic routing roles. Once configured, you can use a loopback
interface in firewall policies, routing, and other places that refer to interfaces. You
configure this feature only from the CLI. For more information, see the system chapter of
the
.
Static Route
You configure static routes by defining the destination IP address and netmask of packets
that you intend the FortiGate unit to intercept, and by specifying a (gateway) IP address
for those packets. The gateway address specifies the next-hop router to which traffic will
be routed.
Working with static routes
The Static Route list displays information that the FortiGate unit compares to packet
headers in order to route packets. Initially, the list contains the factory configured static
default route. For more information, see
“Default route and default gateway” on page 281
You can add new entries manually.
When you add a static route to the Static Route list, the FortiGate unit performs a check to
determine whether a matching route and destination already exist in the FortiGate routing
table. If no match is found, the FortiGate unit adds the route to the routing table.
When IPv6 is enabled in the GUI, IPv6 routes are visible on the Static Route list.
Otherwise, IPv6 routes are not displayed. For more information on IPv6, see
To view the static route list, go to
Router > Static > Static Route
.
Figure 163
shows the static route list belonging to a FortiGate unit that has interfaces
named “port1” and “port2”. The names of the interfaces on your FortiGate unit may be
different.
Note:
You can use the
config router static6
CLI command to add, edit, or delete
static routes for IPv6 traffic. For more information, see the “router” chapter of the
.
Note:
Unless otherwise specified, static route examples and procedures are for IPv4 static
routes.
Summary of Contents for Gate 60D
Page 705: ...www fortinet com...
Page 706: ...www fortinet com...