Blackhole Routing

OK, so you’ve created your IPsec VPN tunnels and added the corresponding static routes, but which path does the VPN traffic take if your tunnel is down?

Right, it uses the next best route in the routing table and chances are this is your default route pointing to your internet router…

But luckily you did add a blackhole route for this traffic, preventing this:

So next time your VPN tunnel is down, traffic will be dropped by the Fortigate and not use your default route again.

Or you can use the CLI for this:

```
config router static
edit 0
set blackhole enable
set dst
```
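As an added example (not from the original post), here is the full pair of routes the post describes, assuming a constructed branch subnet 10.20.0.0/16 reached through a phase1-interface named to_branch. The tunnel route keeps the default administrative distance of 10; the blackhole route for the same prefix gets distance 254, so it only becomes active when the tunnel interface goes down and its route is withdrawn, instead of the traffic falling through to the default route.

```text
config router static
    edit 0
        set dst 10.20.0.0 255.255.0.0
        set device "to_branch"
        set comment "branch LAN via IPsec tunnel, default distance 10"
    next
    edit 0
        set dst 10.20.0.0 255.255.0.0
        set blackhole enable
        set distance 254
        set comment "drop branch LAN traffic while the tunnel is down"
    next
end
```

With the tunnel up, `get router info routing-table all` shows the prefix via to_branch; once the tunnel drops, the same prefix shows as a blackhole entry rather than disappearing from the table.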


Fortigate Tips & Tricks

Switch to VDOMs:

```
config system global
  set vdom-admin enable
end
```

Select Global from the GUI and create VDOMs from there.

Set a dedicated management port in the root VDOM via Network > Interfaces.

Create VDOMs as needed, add interfaces, and configure administrators.

Check the Cookbook for more info.
