A no default route network is a network that does not have a default route
configured. When a network does not have a default route configured, it drops
packets destined to unknown destinations. Enterprises often use no default route
networks to restrict access for their users. If a device on a no default route
network needs to access a certain destination (IP address or subnet), the
administrator will need to manually configure a route for that destination.
Enterprises also require restricted and secure internet access for the users,
servers, and devices on a no default route branch network.
There are a few reasons why someone might want to configure a no default route
network:
Improve security by blocking outbound malicious and DDoS traffic to random
destinations from compromised endpoints on the network, which protects against
denial-of-service attacks and other malicious traffic.
Improve the performance of routing devices by reducing the number of routes to
process.
Implement routing policies that meet the specific needs of users by configuring
specific routes for specific destinations.
No Default Route Network Considerations
When securing internet traffic from a no default network, enterprises must clearly
evaluate users, endpoints, servers, and devices in the branch network that could be
talking to the internet.
In no default route branches, there could be devices with a variety of different
operating systems, multiuser or shared endpoints such as VDIs, and headless devices
such as Servers and IoT devices. Internet traffic from all these devices require
security. It's critical to have a solution that covers all these use cases, provides
flexibility with different connectivity methods, and offers a unified platform to
consistently secure internet access regardless of the type of the device.
Deployment Recommendations for Securing Internet Access for No
Default Route Networks
If you have a no default route network, here is our recommendation to secure internet
traffic:
