SD-WAN Administration
  • SD-WAN Administration
  • SD-WAN Documentation
  • All Documentation
>
Create a Default Route to the SD-WAN Interface
Focus
Download PDF
Focus
  1. Home
  2. SD-WAN
  3. Enable SD-WAN without Auto VPN
  4. Create a Default Route to the SD-WAN Interface
Download PDF
SD-WAN

Create a Default Route to the SD-WAN Interface

Table of Contents

Create a Default Route to the SD-WAN Interface

Create a default route to an SD-WAN interface you created in order to bring up the firewall.
Where Can I Use This?What Do I Need?
  • NGFW
Auto VPN creates a virtual SD-WAN interface named sdwan.901 for IPv4 DIA and a virtual SD-WAN interface named sdwan.9016 for IPv6 DIA. It creates a virtual SD-WAN interface named sdwan.90x (where the x starts from 2) for VPN tunnels. Auto VPN also creates its own default route that uses the sdwan.901 (IPv4) and sdwan.9016 (IPv6) interface as its egress interface and uses a low metric, so that the sdwan.901 (IPv4) interface and sdwan.9016 (IPv6) interface are preferred over the default route you created. SD-WAN plugin 3.2.0 and later versions support IPv6 interfaces and IPv6 tunnels.
When you configure Auto VPN using Panorama™, it creates the default route configuration, in which case you don’t have to create and configure the default route. For all other cases, use the following workflow to create a default route pointing to the SD-WAN DIA virtual interface that was created earlier.
  1. Log in to the Panorama Web Interface.
  2. Select the Template you are working on.
  3. Select NetworkVirtual Routers and select a virtual router, such as sd-wan.
  4. (SD-WAN plugin 3.1.0 and earlier versions) Select Static Routes and Add a static route by Name.
  5. (SD-WAN plugin 3.1.0 and earlier versions ) For Destination, enter 0.0.0.0/0.
  6. (SD-WAN plugin 3.2.0 and later versions) Select Static Routes.
  7. (SD-WAN plugin 3.2.0 and later versions) Select IPv4 or IPv6 and Add a static route by Name.
  8. (SD-WAN plugin 3.2.0 and later versions) For an IPv4 Destination, enter 0.0.0.0/0. For an IPv6 Destination, enter ::/0.
  9. For egress Interface, select one of the logical SD-WAN interfaces you created to bring up the firewall.
    The egress interface you select can be any logical SD-WAN interface except sdwan.901, sdwan.902, or sdwan.9016.
  10. For Next Hop, select None.
  11. For Metric, enter a value greater than 50, so that this default route is not preferred over the default route that Auto VPN creates with a low metric.
  12. Click OK.
  13. Select Commit and Commit and Push your configuration changes.
  14. Commit your changes.
  15. Repeat this task for other templates on firewalls that use a service route to access Panorama.

Technical Documentation

Company

Legal Notices

© 2025 Palo Alto Networks, Inc. All rights reserved.