Fortinet 127 FortiWeb 5.0 Patch 6 Administration Guide
3. Configure these settings:
4. Click OK.
The FortiWeb appliance should now be reachable to connections with networks indicated by
the mask.
5. To verify connectivity, from a host on the route’s destination network, attempt to connect to
the FortiWeb appliance’s web UI via HTTP and/or HTTPS. (At this point in the installation,
Setting name Description
Destination
IP/Mask
Type the destination IP address and network mask of packets that
will be subject to this static route, separated by a slash ( / ).
The value 0.0.0.0/0.0.0.0 or ::/0 results in a default route,
which matches the DST field in the IP header of all packets.
Gateway Type the IP address of the next-hop router where the FortiWeb
appliance will forward packets subject to this static route. This router
must know how to route packets to the destination IP addresses that
you have specified in Destination IP/Mask, or forward packets to
another router with this information.
For a direct Internet connection, this will be the router that forwards
traffic towards the Internet, and could belong to your ISP.
Caution: The gateway IP address must be in the same subnet as the
interface’s IP address. Failure to do so will cause FortiWeb to delete
all static routes, including the default gateway.
Interface Select the name of the network interface through which the packets
subject to the static route will egress towards the next-hop router.
Making a default route for your FortiWeb is a typical best practice: if there is no other, more
specific static route defined for a packet’s destination IP address, a default route will match
the packet, and pass it to a gateway router so that any packet can reach its destination.
If you do not define a default route, and if there is a gap in your routes where no route
matches a packet’s destination IP address, packets passing through the FortiWeb towards
those IP addresses will, in effect, be null routed. While this can help to ensure that
unintentional traffic cannot leave your FortiWeb and therefore can be a type of security
measure, the result is that you must modify your routes every time that a new valid
destination is added to your network. Otherwise, it will be unreachable. A default route
ensures that this kind of locally-caused “destination unreachable” problem does not occur.