Hello all,
We have 2 WAN links peered with the ISP for internet redundancy.
We are able to receive the 0.0.0.0 default route from the ISP via BGP.
My question regards a third WAN link we own for CAM use; it uses a static route to the internet as well,
but I can't seem to have both 0.0.0.0 routes in the routing table at the same time,
so we cannot access the CAM from outside.
How can I resolve this? I have tried to put the same distance and a different priority, but the BGP route disappears.
Has anyone come across this issue?
Routing table for VRF=0
S    0.0.0.0/0 [30/0] via 192.117.0.*, port3
B *> 0.0.0.0/0 [20/0] via 192.117.9.*, wan1, 03:22:58
Two routes, a static and BGP for the same prefix, can't co-exist in the routing table even if you put the same admin distance [20] on the static route. The static route takes precedence over the same BGP route in that case.
The only way to have 2 or more default routes in the routing table is not to use BGP default routes but to set three static default routes on the three circuits, then set a higher priority on the third static default route toward the third internet interface, so that outgoing traffic wouldn't go there but it can still receive incoming packets and their return packets are allowed to go back based on the known sessions.
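A simplified model of the route selection this answer describes, added here as an illustration; it is not code from the thread or from Fortinet. The interface name `wan2`, the distance 10 and the priority values are assumptions, and the static-over-BGP tie-break simply encodes the answer's statement.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    proto: str         # "static" or "bgp"
    device: str        # egress interface
    distance: int      # administrative distance
    priority: int = 0  # lower value is preferred for outgoing traffic

def active_routes(candidates):
    """Default routes installed in the routing table: lowest distance wins;
    at equal distance a static route displaces BGP (as stated in the answer)."""
    best = min(r.distance for r in candidates)
    tied = [r for r in candidates if r.distance == best]
    statics = [r for r in tied if r.proto == "static"]
    return statics or tied

def egress_devices(candidates):
    """Interfaces used for new outgoing sessions: active routes that share
    the lowest priority value."""
    active = active_routes(candidates)
    low = min(r.priority for r in active)
    return sorted(r.device for r in active if r.priority == low)

def inbound_reachable(candidates, ingress):
    """Model assumption: a session arriving on `ingress` can be answered only
    if an active default route points back out of that same interface."""
    return any(r.device == ingress for r in active_routes(candidates))

# Constructed scenarios. ORIGINAL mirrors the routing-table output in the
# question; the other two use assumed values for illustration.
ORIGINAL = [Route("static", "port3", 30), Route("bgp", "wan1", 20)]
SAME_DISTANCE = [Route("static", "port3", 20), Route("bgp", "wan1", 20)]
PROPOSED = [
    Route("static", "wan1", 10, priority=1),
    Route("static", "wan2", 10, priority=1),    # second ISP link, name assumed
    Route("static", "port3", 10, priority=10),  # CAM link: installed, not preferred
]

if __name__ == "__main__":
    for name, routes in [("original", ORIGINAL), ("same distance", SAME_DISTANCE),
                         ("proposed", PROPOSED)]:
        print(name, "| egress:", egress_devices(routes),
              "| CAM reachable via port3:", inbound_reachable(routes, "port3"))
```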
How does this setup work? Do users on the Internet connect to the WAN IP configured on the CAM interface? Or do hosts in the LAN go out to the Internet via this CAM interface?