FortiGate static route CLI

CLI

Configuring a static route

Fortigate # config router static
Fortigate (static) # edit 1 → sequence number (specified when deleting)
new entry '1' added
Fortigate (1) # set dst 192.168.0.0 255.255.255.0 → destination IP + mask
Fortigate (1) # set gateway 192.168.2.1 → gateway (next hop) setting
Fortigate (1) # set device wan1 → outgoing interface?
Fortigate (1) # end

Note: dst (destination IP + mask) and device (outgoing interface), which are marked with "*", are required.

Fortigate (1) # set
*dst                 Destination IP and mask for this route.
gateway             Gateway IP for this route.
distance            Administrative distance (1 - 255).
weight              Administrative weight (0 - 255).
priority            Administrative priority (0 - 4294967295).
*device              Enable/disable gateway out interface.
comment             Comment.
blackhole           Black hole.
dynamic-gateway     Enable use of dynamic gateway retrieved from a DHCP or PPP server.
virtual-wan-link    Enable/disable egress through the virtual-wan-link.

Fortigate (1) # set

If they are not set, the following error is displayed:

Fortigate (1) # end
entry not found in datasource
Attribute 'device' MUST be set.
Command fail. Return code -3

Fortigate #

Checking the configuration

The output of show config is too long, so output only the relevant section.

Fortigate # show router static
config router static
    edit 1
        set dst 192.168.0.0 255.255.255.0
        set gateway 192.168.2.1
        set device "wan1"
    next
end

Checking the routing table

It reads the same way as on Cisco.

Fortigate # get router info routing-table static
S       192.168.0.0/24 [10/0] via 192.168.2.1, wan1

 

If gateway is not set, the route is displayed as follows (no "via"):

Fortigate # get router info routing-table static
S       192.168.0.0/24 [10/0] is directly connected, wan1

 

 

ping

No problems.

Fortigate # execute ping 192.168.0.254
PING 192.168.0.254 (192.168.0.254): 56 data bytes
64 bytes from 192.168.0.254: icmp_seq=0 ttl=255 time=9.6 ms
64 bytes from 192.168.0.254: icmp_seq=1 ttl=255 time=0.7 ms
64 bytes from 192.168.0.254: icmp_seq=2 ttl=255 time=0.7 ms
64 bytes from 192.168.0.254: icmp_seq=3 ttl=255 time=0.7 ms
64 bytes from 192.168.0.254: icmp_seq=4 ttl=255 time=0.7 ms

--- 192.168.0.254 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.7/2.4/9.6 ms

Fortigate #

Deleting a static route

Fortigate # config router static

Fortigate (static) # delete
seq-num    Entry number.
1

Fortigate (static) # delete 1

Checking the configuration

It has been deleted.

Fortigate # show router static

Fortigate #

Checking the routing table

Fortigate # get router info routing-table static

Fortigate # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default

C       192.168.1.0/24 is directly connected, internal
C       192.168.2.0/24 is directly connected, wan1


Fortigate #

Configuring a second static route (specifying the AD)

Fortigate (static) # edit 2
new entry '2' added

Fortigate (2) # set dst 192.168.3.0 255.255.255.0

Fortigate (2) # set device wan1

Fortigate (2) # set distance 250

Checking the configuration

Fortigate # show router static
config router static
    edit 1
        set dst 192.168.0.0 255.255.255.0
        set device "wan1"
    next


    edit 2
        set dst 192.168.3.0 255.255.255.0
        set distance 250
        set device "wan1"
    next
end

Checking the routing table

The AD value is also set as specified.

Fortigate # get router info routing-table static
S       192.168.0.0/24 [10/0] is directly connected, wan1
S       192.168.3.0/24 [250/0] is directly connected, wan1
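
As an added example (not from the original post or from Fortinet), this Python script parses the show router static output above, reports entries missing the required dst/device attributes, and predicts the matching get router info routing-table static line, so a config backup can be checked against the live table. It assumes the distance of 10 and metric of 0 seen in the outputs on this page when distance is not set; the function names are made up for this example.

```python
import ipaddress

# Constructed sample: "show router static" output as shown on this page.
SAMPLE = """config router static
    edit 1
        set dst 192.168.0.0 255.255.255.0
        set device "wan1"
    next
    edit 2
        set dst 192.168.3.0 255.255.255.0
        set distance 250
        set device "wan1"
    next
end
"""

REQUIRED = ("dst", "device")  # attributes marked with "*" in the CLI help
DEFAULT_DISTANCE = 10         # assumption: the [10/0] shown when distance is unset

def parse_static_routes(text):
    """Return {sequence number: {attribute: value}} from 'show router static'."""
    routes, current = {}, None
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0] == "edit" and len(tokens) == 2:
            current = routes.setdefault(int(tokens[1]), {})
        elif tokens[0] == "next":
            current = None
        elif tokens[0] == "set" and current is not None and len(tokens) >= 3:
            current[tokens[1]] = " ".join(tokens[2:]).strip('"')
    return routes

def missing_required(route):
    """List the required attributes that the entry does not set."""
    return [attr for attr in REQUIRED if attr not in route]

def expected_table_line(route):
    """Predict the routing-table line (metric fixed at 0, as seen on this page)."""
    addr, mask = route["dst"].split()
    net = ipaddress.ip_network(f"{addr}/{mask}")
    dist = route.get("distance", DEFAULT_DISTANCE)
    hop = f"via {route['gateway']}" if "gateway" in route else "is directly connected"
    return f"S       {net} [{dist}/0] {hop}, {route['device']}"

if __name__ == "__main__":
    for seq, route in parse_static_routes(SAMPLE).items():
        print(seq, missing_required(route) or expected_table_line(route))
```
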