How to Fix Starlink Static Route issue in FortiGate Firewall

This post is about fixing a Starlink static route issue on a FortiGate firewall.

Issue

The issue appears when configuring Starlink on a FortiGate firewall: no matter how we configure the administrative distance and priority for the StarLink static route, one default configuration overrides the manual static route.

Environment

StarLink is the secondary internet link; it should only kick in when the primary link fails

The StarLink “WAN” port is configured as DHCP on the Fortinet FortiGate firewall

The primary link and the secondary (StarLink) link are both configured with manual static routes, but StarLink has a higher priority value

NO SD-WAN is involved here; we use “config system link-monitor” for internet failover

Troubleshooting

1. Tried restarting the “routing” process via the CLI

execute router restart

2. Tried changing both “distance” and “priority”, no luck

3. Removed Starlink, and the primary works fine

4. Then found the magical command to view the routing table database in the Fortinet FortiGate firewall; check the THIRD static route with a short distance value!

get router info routing-table database

5. Look deeper at the StarLink interface; here it is

The Fix

1. Use the SD-WAN zone with each ISP as an SD-WAN member, then configure the “SD-WAN” rule for failover

2. Under the interface CLI, tweak the distance and priority values to the ones you want. Here I want it to have the same distance value as the primary link but a higher priority value (lower is preferred here)

After changing the priority value, we can see the correct path is preferred
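
The interface-level change from step 2, written out as an added example (not taken from the original post). The interface names wan1 and wan2, the gateway address, and the distance and priority numbers are assumptions; substitute your own values.

```fortios
# Primary link: manual static default route (assumed values).
config router static
    edit 1
        set device "wan1"
        set gateway 192.0.2.1
        set distance 10
        set priority 1
    next
end

# StarLink port in DHCP mode. With defaultgw enabled, the gateway learned
# over DHCP is installed as its own default route using the distance and
# priority set on the interface, not the values of any manual static route.
# Setting them here is what moves the extra route seen in the database.
config system interface
    edit "wan2"
        set mode dhcp
        set defaultgw enable
        # Same distance as the primary static route ...
        set distance 10
        # ... but a higher priority value, so the primary (lower) is preferred.
        set priority 20
    next
end

# Verify: the database lists every candidate route, the routing table
# lists only the routes that were actually selected.
get router info routing-table database
get router info routing-table all
```

With equal distance both default routes stay in the routing table, and the lower priority value decides which one carries traffic while the primary link is up.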

Useful links

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Adding-new-DHCP-addressing-mode-wan-connection-for/ta-p/217733

https://community.fortinet.com/t5/Support-Forum/Static-Routes-not-changing-when-edited-deleted/m-p/96088?m=62887

2 thoughts on “How to Fix Starlink Static Route issue in FortiGate Firewall”

  1. I think this link provides the solution. I have yet to try it but it looks like the sure thing.
    https://community.fortinet.com/t5/FortiGate/Technical-Tip-Deploy-the-Starlink-router-as-WAN-for-the/ta-p/275433

    1. Thanks, JT. Your link is for the scenario where Starlink is configured as a “router” and traffic is double NATed. This post is for the scenario where the Starlink device is configured in “Modem/Bridge” mode, and Fortinet will get a routable public IP. But thanks for sharing anyway 🙂
