This post is about fixing a Starlink static route issue on a FortiGate firewall.
Issue
The issue appears when configuring Starlink on a FortiGate firewall: no matter how the administrative distance and priority of the Starlink static route are set, a default route that FortiOS installs on its own overrides the manual static route.
Environment
Starlink is the secondary internet link; it should only kick in when the primary link fails.
The Starlink "WAN" port is configured as a DHCP client on the Fortinet FortiGate firewall.
The primary and secondary (Starlink) links are both configured with manual static routes, but the Starlink route has a higher priority value.
No SD-WAN is involved here; we use "config system link-monitor" for internet failover.
Troubleshooting
1. Tried restarting the routing process via the CLI:
execute router restart
2. Tried changing both "distance" and "priority", no luck.
3. Removed Starlink, and the primary link works fine.
4. Then found the magical command to view the routing table database on the Fortinet FortiGate firewall, and checked the THIRD static route, which has a lower distance value than the two manually configured ones! That extra entry is the default route learned from Starlink's DHCP server; it carries the DHCP interface's own distance (5 by default), so it beats a manual static route at the default distance of 10 regardless of what priority is set on the manual route.
get router info routing-table database
5. Looking deeper at the Starlink interface, here it is:
The Fix
1. Use an SD-WAN zone with each ISP as an SD-WAN member, then configure an SD-WAN rule for failover, or
2. Under the interface CLI, set the distance and priority of the DHCP interface to the values you want. Here I want the Starlink default route to have the same distance value as the primary link but a higher priority value (the lower priority value is preferred).
After changing the priority value, we can see the correct path is preferred.
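As an added example (this is not configuration from the original post), here is what option 2 looks like end to end on the FortiOS CLI, together with the link monitor the environment section mentions and the verification command from the troubleshooting section. The interface names wan1 (primary) and wan2 (Starlink), the gateway 203.0.113.1, the probe target and the distance/priority values are assumptions; the lines starting with # are annotations, not commands.

```text
# Added example, not from the original post. wan1/wan2, 203.0.113.1,
# 8.8.8.8 and the distance/priority values are assumptions.

# Primary link: manual static default route at the default distance (10),
# priority 0 (best).
config router static
    edit 1
        set gateway 203.0.113.1
        set device "wan1"
        set distance 10
        set priority 0
    next
end

# Starlink (wan2) is a DHCP client. The default route learned from its DHCP
# server is installed with the interface's own distance and priority, which is
# the "third" default route seen in "get router info routing-table database".
# Give it the same distance as wan1 but a worse (higher) priority, so it is only
# selected once the wan1 route is gone.
config system interface
    edit "wan2"
        set mode dhcp
        set defaultgw enable
        set distance 10
        set priority 10
    next
end

# Link monitor on the primary: when the probes fail, the wan1 static route is
# withdrawn and the wan2 default route becomes the only 0.0.0.0/0 candidate.
config system link-monitor
    edit "wan1-monitor"
        set srcintf "wan1"
        set server "8.8.8.8"
        set gateway-ip 203.0.113.1
        set update-static-route enable
    next
end

# Verify: both 0.0.0.0/0 entries should now show distance 10, with the wan1
# route selected (*>) and the wan2 route carrying priority 10.
get router info routing-table database
```

With the interface's distance and priority set this way, a separately typed static route for wan2 is no longer needed, since the DHCP-learned route already carries the values you want and will follow any gateway change from Starlink. The alternative is to disable the learned route altogether with "set defaultgw disable" on wan2 and keep only the manual static route; that works, but the manual route then has to be updated by hand whenever Starlink hands out a different gateway.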
I think this link provides the solution. I have yet to try it but it looks like the sure thing.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Deploy-the-Starlink-router-as-WAN-for-the/ta-p/275433
Thanks, JT, your link is for the scenario when Starlink is configured as a "router" and the traffic is double NATed. This post is for the scenario when the Starlink device is configured in "Modem/Bridge" mode, and Fortinet will get a routable public IP. But thanks for sharing anyway 🙂