
Fortigate Routing

In this article I will describe some of the routing capabilities that Fortigate has.

Routing Protocols

 

Fortigate supports several routing protocols:

1. Static Routes (not really a routing protocol 😉 )

2. BGP

3. RIP

4. OSPF

 

The Fortigate firewall also has a routing table that displays all the learned routes, as well as a FIB table. You might know the FIB from Cisco CEF.

Routing Features: 

FIB 

The FIB contains all local and non-local routes that are known to the device. It is populated from the routing table. In High-Availability mode the FIB is replicated across the cluster, but only the Master builds the FIB, based on the routing table.

Reverse Path Forwarding (RPF)

This is used for anti-spoofing protection. You can find more about Reverse Path Forwarding here.

Bidirectional Forwarding Detection (BFD)

This addresses a problem of dynamic routing protocols: they do not have fine enough granularity for detecting device failures on the network and re-routing around those failures. It works like the “hellos” of the OSPF routing protocol, but it actually connects to the router.

Default Administrative Distances for Fortigate:

1. The Fortigate Firewall assigns an AD of “20” to EBGP routes.

2. Static Routes have an AD of “10”

3. Connected Routes have an AD of “0”

4. When you configure the BGP protocol, a default route-map is created to make the AS non-transit (cool feature)
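To tie the FIB, RPF and administrative-distance sections together, here is an added example (not FortiOS code and not from the original article) that builds a FIB from competing routes using the AD values listed above and then applies a strict RPF check to incoming packets. The routes, interface names and packets are constructed, and the strict-mode rule shown is the generic RPF check, assumed here rather than taken from Fortinet's implementation.

```python
import ipaddress

# Administrative distances as listed in the article.
AD = {"connected": 0, "static": 10, "ebgp": 20}

# Constructed sample routing table: (prefix, route source, egress interface).
ROUTES = [
    ("192.168.1.0/24", "connected", "port1"),
    ("192.168.2.0/24", "connected", "port2"),
    ("10.20.0.0/16", "static", "port2"),
    ("10.20.0.0/16", "ebgp", "wan1"),  # same prefix, loses to static (20 > 10)
    ("0.0.0.0/0", "static", "wan1"),
]

def build_fib(routes):
    """Per prefix, keep only the route with the lowest administrative distance."""
    best = {}
    for prefix, source, iface in routes:
        net = ipaddress.ip_network(prefix)
        if net not in best or AD[source] < AD[best[net][0]]:
            best[net] = (source, iface)
    return {net: iface for net, (_source, iface) in best.items()}

def lookup(fib, addr):
    """Longest-prefix match; returns the egress interface or None."""
    ip = ipaddress.ip_address(addr)
    matches = [net for net in fib if ip in net]
    if not matches:
        return None
    return fib[max(matches, key=lambda n: n.prefixlen)]

def rpf_accept(fib, src_ip, in_iface):
    """Strict RPF (assumed mode): the route back to src_ip must use in_iface."""
    return lookup(fib, src_ip) == in_iface

FIB = build_fib(ROUTES)

if __name__ == "__main__":
    # Constructed packets: (source address, interface the packet arrived on).
    packets = [("192.168.1.10", "port1"), ("192.168.1.10", "wan1"),
               ("10.20.5.5", "wan1"), ("203.0.113.7", "wan1")]
    for src, iface in packets:
        verdict = "accept" if rpf_accept(FIB, src, iface) else "drop (RPF fail)"
        print(f"{src:>14} on {iface:<5} -> {verdict}")
```

The second packet is the spoofing case: an internal source address arriving on the WAN interface fails the check because the FIB says that network is reached through port1.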

 

If you have any questions please ask.

 

 


3 Responses to “Fortigate Routing”

  1. Wang says:

    Hi, just want to check with you: if I have 2 VLANs, how do I make a routing table for the 2 VLANs to talk to each other?

    Fortigate model 40c
    Firmware Version ( v4.0,build0656,130211 (MR3 Patch 12) )
    Fortigate mode now is my main router.

    Vlan 1 192.168.1.0/24 Port 1
    Vlan 2 192.168.2.0/24 Port 2

    firewall Policy
    1) policy set able to let port 1 ping port 2
    2) policy set able to let port 2 ping port 1

    But after I set this, I try to ping a PC from port 1 to port 2 and am not able to.

    I read on the net that I need to do a routing table, but I am not sure how to do it.

    Hope you can help.

  2. 域名价格 says:

    Good website, I hope we can develop together with your site for mutual benefit.

  3. 86Danilo says:

    I have noticed you don’t monetize your blog, don’t waste your traffic, you can earn additional bucks every
    month because you’ve got high quality content. If you want to know how to make
    extra $$$, search for: best adsense alternative Wrastain’s tools
