A bunch of FortiGate routing commands to help with troubleshooting. Similar to Cisco IOS but not really ;-)
To view the route-cache
diagnose ip rtcache list
Show all routes except inactive routes
get router info routing-table all
Show all routes including inactive.
get router info routing-table database
FORTIGATE-1# get router info routing-table database
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       V - BGP VPNv4
       > - selected route, * - FIB route, p - stale info

Routing table for VRF=0
S    *> 0.0.0.0/0 [1/0] via 104.54.67.1, wan2, [1/0]
     *>           [1/0] via 104.54.68.1, wan1, [1/0]
S       10.0.10.0/24 [10/0] via VPN-AWS tunnel 35.35.35.35 inactive, [1/0]
C    *> 10.1.10.0/24 is directly connected, LAN1
C    *> 10.10.10.0/24 is directly connected, LAN1
S    *> 10.11.11.0/24 [254/0] is a summary, Null, [1/0]
S       10.11.11.0/24 [10/0] via VPN-AWS tunnel 35.35.35.35 inactive, [1/0]
C    *> 10.10.20.0/24 is directly connected, LAN20
C    *> 10.10.40.0/24 is directly connected, LAN40
*> means the route is both a FIB route and the selected route. It’s used for all routing protocols, not just BGP. Think of BGP valid and best.
Show the policy routes. Regular policy routes have an ID less than 65535; ISDB and SDWAN routes have an ID number higher than 65535. SDWAN entries include vwl_service with the ID and name of the rule.
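An added example, not part of the original post: a small Python parser for the routing-table database output above that reports prefixes with no FIB (*) entry and the installed route their traffic follows instead. The function names are made up for illustration, and the sample text is constructed from the output shown above.

```python
import ipaddress
import re

# Constructed sample: the route lines from the output above, one per line.
SAMPLE = """\
Routing table for VRF=0
S    *> 0.0.0.0/0 [1/0] via 104.54.67.1, wan2, [1/0]
     *>           [1/0] via 104.54.68.1, wan1, [1/0]
S       10.0.10.0/24 [10/0] via VPN-AWS tunnel 35.35.35.35 inactive, [1/0]
C    *> 10.1.10.0/24 is directly connected, LAN1
C    *> 10.10.10.0/24 is directly connected, LAN1
S    *> 10.11.11.0/24 [254/0] is a summary, Null, [1/0]
S       10.11.11.0/24 [10/0] via VPN-AWS tunnel 35.35.35.35 inactive, [1/0]
C    *> 10.10.20.0/24 is directly connected, LAN20
C    *> 10.10.40.0/24 is directly connected, LAN40
"""

# One-token code (S, C, B ...), optional "*>" flags, optional prefix (absent on
# ECMP continuation lines), then the detail. Two-token codes (O IA) not handled.
ROUTE = re.compile(r"^(?P<code>[A-Za-z][A-Za-z0-9]?)?\s+(?P<flags>\*?>?)\s*"
                   r"(?P<prefix>\d+(?:\.\d+){3}/\d+)?\s*(?P<rest>\[.*|is .*)$")

def parse_routes(text):
    """Parse route lines into dicts; header and legend lines are skipped."""
    routes, last = [], None
    for line in text.splitlines():
        m = ROUTE.match(line)
        prefix = m and (m["prefix"] or (last and last["prefix"]))
        if not prefix:
            continue
        last = {"prefix": prefix, "code": m["code"] or (last or {}).get("code"),
                "fib": "*" in m["flags"], "inactive": " inactive" in m["rest"]}
        routes.append(last)
    return routes

def fallthrough_prefixes(routes):
    """Map each prefix with no FIB entry to the most specific FIB route covering it."""
    fib_nets = {ipaddress.ip_network(r["prefix"]) for r in routes if r["fib"]}
    result = {}
    for prefix in {r["prefix"] for r in routes}:
        net = ipaddress.ip_network(prefix)
        if net in fib_nets:
            continue  # an installed route (possibly a Null one) holds this prefix
        covers = [n for n in fib_nets if net.subnet_of(n)]
        best = max(covers, key=lambda n: n.prefixlen, default=None)
        result[prefix] = str(best) if best is not None else None
    return result

if __name__ == "__main__":
    print(fallthrough_prefixes(parse_routes(SAMPLE)))
```

On the sample, 10.0.10.0/24 falls through to 0.0.0.0/0 (wan1/wan2) while its tunnel route is inactive; 10.11.11.0/24 does not, because the [254/0] Null entry for the same prefix is in the FIB.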
diagnose firewall proute list
Show the Forwarding Information Base (FIB)
get router info kernel
Configuring VRF
config system interface
    edit "port1"
        set vrf 100
    next
end
These commands will now show the VRFs
get router info routing-table all
get router info routing-table database
diagnose ip rtcache list