Configure a Logical Router
Table of Contents
Expand all | Collapse all
-
- Tap Interfaces
-
- Layer 2 and Layer 3 Packets over a Virtual Wire
- Port Speeds of Virtual Wire Interfaces
- LLDP over a Virtual Wire
- Aggregated Interfaces for a Virtual Wire
- Virtual Wire Support of High Availability
- Zone Protection for a Virtual Wire Interface
- VLAN-Tagged Traffic
- Virtual Wire Subinterfaces
- Configure Virtual Wires
- Configure an Aggregate Interface Group
- Configure Bonjour Reflector for Network Segmentation
- Use Interface Management Profiles to Restrict Access
-
- DNS Overview
- DNS Proxy Object
- DNS Server Profile
- Multi-Tenant DNS Deployments
- Configure a DNS Proxy Object
- Configure a DNS Server Profile
- Use Case 1: Firewall Requires DNS Resolution
- Use Case 2: ISP Tenant Uses DNS Proxy to Handle DNS Resolution for Security Policies, Reporting, and Services within its Virtual System
- Use Case 3: Firewall Acts as DNS Proxy Between Client and Server
- DNS Proxy Rule and FQDN Matching
-
- NAT Rule Capacities
- Dynamic IP and Port NAT Oversubscription
- Dataplane NAT Memory Statistics
-
- Translate Internal Client IP Addresses to Your Public IP Address (Source DIPP NAT)
- Enable Clients on the Internal Network to Access your Public Servers (Destination U-Turn NAT)
- Enable Bi-Directional Address Translation for Your Public-Facing Servers (Static Source NAT)
- Configure Destination NAT with DNS Rewrite
- Configure Destination NAT Using Dynamic IP Addresses
- Modify the Oversubscription Rate for DIPP NAT
- Reserve Dynamic IP NAT Addresses
- Disable NAT for a Specific Host or Interface
-
- Network Packet Broker Overview
- How Network Packet Broker Works
- Prepare to Deploy Network Packet Broker
- Configure Transparent Bridge Security Chains
- Configure Routed Layer 3 Security Chains
- Network Packet Broker HA Support
- User Interface Changes for Network Packet Broker
- Limitations of Network Packet Broker
- Troubleshoot Network Packet Broker
-
- Enable Advanced Routing
- Logical Router Overview
- Configure a Logical Router
- Create a Static Route
- Configure BGP on an Advanced Routing Engine
- Create BGP Routing Profiles
- Create Filters for the Advanced Routing Engine
- Configure OSPFv2 on an Advanced Routing Engine
- Create OSPF Routing Profiles
- Configure OSPFv3 on an Advanced Routing Engine
- Create OSPFv3 Routing Profiles
- Configure RIPv2 on an Advanced Routing Engine
- Create RIPv2 Routing Profiles
- Create BFD Profiles
- Configure IPv4 Multicast
- Create Multicast Routing Profiles
- Create an IPv4 MRoute
Configure a Logical Router
Configure a logical router to enable routing for an Advanced
Routing Engine.
In order to perform network routing, the Advanced
Routing Engine requires you to configure at least one logical router;
there is no default logical router. A logical router maintains a
separate routing information base and keeps routes from exposure
to other logical routers. The number of logical routers supported for
an Advanced Routing Engine varies based on firewall model.
Before
you can configure a logical router, you must Enable Advanced Routing.
- SelectandNetworkRoutingLogical RoutersAdda logical router byNameusing a maximum of 31 characters. The name must start with an alphanumeric character, underscore (_), or hyphen (-), and can contain a combination of alphanumeric characters, underscore (_) or hyphen(-). No dot (.) or space is allowed.
- Add interfaces to the logical router.
- While still on the Logical RouterGeneraltab, select theInterfacetab.
- Addan interface to the logical router by selecting from the list of interfaces. An interface can belong to only one logical router. Repeat to add more interfaces, as in the following example for the logical router named LR-1:
- (Optional) SelectAdministrative Distancesto change the global administrative distance (from the default setting) for various types of routes.
- Static—Range is 1 to 255; default is 10.
- Static IPv6—Range is 1 to 255; default is 10.
- OSPF Intra Area—Range is 1 to 255; default is 110.
- OSPF Inter Area—Range is 1 to 255; default is 110.
- OSPF External—Range is 1 to 255; default is 110.
- OSPFv3 Intra Area—Range is 1 to 255; default is 110.
- OSPFv3 Inter Area—Range is 1 to 255; default is 110.
- OSPFv3 External—Range is 1 to 255; default is 110.
- BGP AS Internal—Range is 1 to 255; default is 200.
- BGP AS External—Range is 1 to 255; default is 20.
- BGP Local Route—Range is 1 to 255; default is 20.
- RIP—Range is 1 to 255; default is 120.
- ClickOK.
- (On a firewall supporting multiple virtual systems) Assign the logical routers to a virtual system.
- Selectand select a virtual system andDeviceVirtual SystemsGeneral.
- Addone or moreLogical Routers.
- ClickOK.
- ClickOK.
- (Optional) Configure ECMP for a logical router by navigating to, selecting a logical router, and thenNetworkRoutingLogical Routers. Configure ECMP for a logical router much as you would for a virtual router on a legacy routing engine.GeneralECMP
- Committhe changes.
- For a firewall with a pre-existing configuration, selectandDeviceSetupOperationsReboot Device. Then log back into the firewall.
- (Optional) View Runtime Stats for a logical router.
- Selectand for a specific logical router, selectNetworkRoutingLogical RoutersMore Runtime Statson the far right.
- To see the route tables for all protocols, on theRoutingtab, selectRoute TableandDisplay Address Family:IPv4 and IPv6,IPv4 Only, orIPv6 Only.
- To see entries in the Forwarding Information Base (FIB), selectForwarding Table.
- SelectStatic Route Monitoringto see the static routes you are monitoring.
- Select theBGPtab and thenSummaryto see BGP settings.
- SelectPeerto see BGP peer settings.
- SelectPeer Groupto see BGP peer group settings.
- SelectRouteandDisplay Address Family:IPv4 and IPv6,IPv4 Only, orIPv6 Onlyto see the attributes of BGP routes.
- Access the CLI to view advanced routing information. The PAN-OS CLI Quick Start lists the commands in the CLI Cheat Sheet: Networking.