In addition to (or as an alternative to) BGP routing, you can create static routes to route your SD-WAN traffic.
You can configure static routes either using Panorama™ or directly on the firewall hub or branch. If you are going to use Panorama, you should be familiar with the process to configure a template or template stack variable. You will create a variable to use as the destination in your static route, as shown in the following procedure. (You can also create a variable for the next hop.) You will push a static route (that goes to the hub) to the branch. You will push a static route (that goes to the branch) to the hub.
Configure a Template or Template Stack Variable and enter the variable Name in the following format: $peerhostname_clustername.customname.
For example, $branchsanjose_clusterca.10 or $DIA_cluster2.location3.
After the dollar sign ($), the elements in the variable are:
- peerhostname—Hostname of the destination hub or branch to which the static route goes. For a static route to the internet, the peerhostname must be DIA. An alternative to the peer’s hostname is to use the peer’s serial number. If the peer is part of an HA pair, you can use the hostname or serial number of either one of the two HA firewalls.
- clustername—Name of the VPN cluster to which the destination hub or branch belongs.
- customname—Text string of your choice; you cannot use a period (.) in the customname.
You can have more than one static route going to the same peer, which means the variables will have the same peerhostname and clustername; you differentiate the variables by using a different customname.
Select the variable Type to be IP Netmask and enter the destination IP address with a slash and netmask length, such as 192.168.2.1/24.
(SD-WAN plugin 3.2.0 and later versions) For IPv6, enter the IPv6 address with a slash and prefix length, such as 2001:DB8::/32.
Click OK to save the variable.
Select and select a virtual router.
Select Static Routes.
Select IPv4 or IPv6 (SD-WAN plugin 3.2.0 and later versions) and Add a Name for the static route.
For Destination, select the variable you created.
For Interface, select from the dropdown list, which includes only interfaces from the template; for example, Ethernet1/1, Tunnel.x, or sdwan.xx.
For Next Hop, select IP Address or IPv6 Address (SD-WAN plugin 3.2.0 and later versions) and enter the IP address or variable of the next hop for the static route (the hub or branch to which the static route goes).
Click OK.
Commit and Commit and Push your changes.
Auto VPN configuration replaces the sdwan keyword in the Interface field of the static route with the egress virtual SD-WAN interface that it determines based on the Destination variable. Thus, the static route in the routing table indicates that traffic going to the peer host in the identified VPN cluster will egress the virtual SD-WAN interface to reach the specified next hop.
Configure a static route for the return traffic.
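
The following is an added example, not part of the original documentation or of the SD-WAN plugin: a Python pre-check that splits variable names of the form $peerhostname_clustername.customname described above and validates the IP Netmask value before the template is pushed. It assumes the peer hostname or serial number contains no underscore; the function names and the sample destination values are constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from typing import NamedTuple


class RouteVar(NamedTuple):
    peer: str      # peer hostname or serial number; "DIA" for internet routes
    cluster: str   # VPN cluster name
    custom: str    # free text that tells apart routes to the same peer
    dest: str      # destination in address/length form
    version: int   # 4 or 6


def parse_route_variable(name: str, value: str) -> RouteVar:
    """Split $peerhostname_clustername.customname and validate its IP Netmask value."""
    if not name.startswith("$"):
        raise ValueError(f"{name!r}: variable name must start with '$'")
    # customname cannot contain a period, so it is the text after the last one.
    head, dot, custom = name[1:].rpartition(".")
    # Assumption: the peer hostname or serial number contains no underscore.
    peer, underscore, cluster = head.partition("_")
    if not (dot and underscore and peer and cluster and custom):
        raise ValueError(f"{name!r}: expected $peerhostname_clustername.customname")
    # ip_interface() accepts a bare address, so require the slash explicitly.
    if "/" not in value:
        raise ValueError(f"{value!r}: destination needs a slash and a length")
    iface = ipaddress.ip_interface(value)  # ValueError on a malformed address
    return RouteVar(peer, cluster, custom, iface.with_prefixlen, iface.version)


def routes_by_peer(variables: dict[str, str]) -> dict[tuple[str, str], list[RouteVar]]:
    """Group parsed variables by (peer, cluster); customname separates the entries."""
    grouped = defaultdict(list)
    for name, value in variables.items():
        var = parse_route_variable(name, value)
        grouped[(var.peer, var.cluster)].append(var)
    return dict(grouped)


# Constructed sample: the names follow the page's format, the values are made up.
SAMPLE = {
    "$branchsanjose_clusterca.10": "192.168.2.1/24",
    "$branchsanjose_clusterca.20": "2001:DB8::/32",
    "$DIA_cluster2.location3": "0.0.0.0/0",
}

if __name__ == "__main__":
    for (peer, cluster), routes in routes_by_peer(SAMPLE).items():
        kind = "internet (DIA)" if peer == "DIA" else "peer"
        print(kind, peer, cluster, [(r.custom, r.dest) for r in routes])
```

Because this parser takes customname from the last period, a period typed into the customname silently shifts text into the clustername field instead of raising an error, so review the parsed cluster names against your actual VPN clusters.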