SD-WAN Administrator’s Guide
    : Create a Static Route for SD-WAN
    Focus
    Download PDF
    Focus
    1. Home
    2. SD-WAN
    3. SD-WAN Administrator’s Guide
    4. Configure SD-WAN
    5. Create a Static Route for SD-WAN
    Download PDF

    SD-WAN Administrator’s Guide

    Create a Static Route for SD-WAN

    Table of Contents

    Create a Static Route for SD-WAN

    Create a static route for SD-WAN traffic.
    In addition to (or as an alternative to) BGP routing, you can create static routes to route your SD-WAN traffic.
    You can configure static routes either using Panorama™ or directly on the firewall hub or branch. If you are going to use Panorama, you should be familiar with the process to Configure a Template or Template Stack Variable. You will create a variable to use as the destination in your static route, as shown in the following procedure. You will push a static route (that goes to the hub) to the branch. You will push a static route (that goes to the branch) to the hub.
    1. Log in to the Panorama Web Interface.
    2. Configure a Template or Template Stack Variable and enter the variable Name in the following format: $peerhostname_clustername.customname. For example, $branchsanjose_clusterca.10 or $DIA_cluster2.location3. After the dollar sign ($), the elements in the variable are:
      • peerhostname—Hostname of the destination hub or branch to which the static route goes. For a static route to the internet, the peerhostname must be DIA. An alternative to the peer’s hostname is to use the peer’s serial number. If the peer is part of an HA pair, you can use the hostname or serial number of either one of the two HA firewalls.
      • clustername—Name of the VPN cluster to which the destination hub or branch belongs.
      • customname—Text string of your choice; you cannot use a period (.) in the customname.
      You can have more than one static route going to the same peer, which means the variables will have the same peerhostname and clustername; you differentiate the variables by using a different customname.
    3. Select the variable Type to be IP Netmask and enter the destination IP address with a slash and netmask length, such as 192.168.2.1/24.
    4. Click OK to save the variable.
    5. Select NetworkVirtual Routers and select a virtual router.
    6. Select Static RoutesIPv4 and Add a Name for the static route.
    7. For Destination, select the variable you created.
    8. For Interface, select from the dropdown list, which includes only interfaces from the template; for example, Ethernet1/1, Tunnel.x, or sdwan.xx.
    9. For Next Hop, select IP Address and enter the IP address of the next hop for the static route (the hub or branch to which the static route goes).
    10. Click OK.
    11. Commit and Commit and Push your changes.
      Auto VPN configuration replaces the sdwan keyword in the Interface field of the static route with the egress virtual SD-WAN interface that it determines based on the Destination variable. Thus, the static route in the routing table indicates that traffic going to the peer host in the identified VPN cluster will egress the virtual SD-WAN interface to reach the specified next hop.
    12. Configure a static route for the return traffic.

    © 2025 Palo Alto Networks, Inc. All rights reserved.