Configure a static route or a default route for a virtual
router.
Perform the following task to configure Static Routes or
a default route for a virtual router on the firewall.
Configure a static route.
Select NetworkVirtual Router and select the
virtual router you are configuring, such as default.
Select the Static Routes tab.
Select IPv4 or IPv6,
depending on the type of static route you want to configure.
Add a Name for the
route.
For Destination, enter the
route and netmask (for example, 192.168.2.2/24 for an IPv4 address
or 2001:db8:123:1::1/64 for an IPv6 address). If you’re creating
a default route, enter the default route (0.0.0.0/0 for an IPv4
address or ::/0 for an IPv6 address). Alternatively, you can create
an address object of type IP Netmask.
(Optional) For Interface, specify
the outgoing interface for packets to use to go to the next hop.
Use this for stricter control over which interface the firewall
uses rather than the interface in the route table for the next hop
of this route.
For Next Hop, select one of
the following:
IP Address—Enter the IP address
(for example, 192.168.56.1 or 2001:db8:49e:1::1) when you want to
route to a specific next hop. You must Enable IPv6 on
the interface (when you Configure Layer 3 Interfaces) to
use an IPv6 next hop address. If you’re creating a default route,
for Next Hop you must select IP Address and
enter the IP address for your Internet gateway (for example, 192.168.56.1
or 2001:db8:49e:1::1). Alternatively, you can create an address
object of type IP Netmask. The address object must have a netmask
of /32 for IPv4 or /128 for IPv6.
Next VR—Select this option and then select
a virtual router if you want to route internally to a different
virtual router on the firewall.
FQDN—Enter an FQDN or select an address
object that uses an FQDN, or create a new address object of type FQDN.
If
you use an FQDN as a static route next hop, that FQDN must resolve
to an IP address that belongs to the same subnet as the interface
you configured for the static route; otherwise, the firewall rejects the
resolution and the FQDN remains unresolved.
The
firewall uses only one IP address (from each IPv4 or IPv6 family
type) from the DNS resolution of the FQDN. If the DNS resolution
returns more than one address, the firewall uses the preferred IP address
that matches the IP family type (IPv4 or IPv6) configured for the next
hop. The preferred IP address is the first address the DNS server returns
in its initial response. The firewall retains this address as preferred as
long as the address appears in subsequent responses, regardless
of its order.
Discard—Select to drop packets that
are addressed to this destination.
None—Select if there is no next hop
for the route. For example, a point-to-point connection does not
require a next hop because there is only one way for packets to go.
Enter an Admin Distance for
the route to override the default administrative distance set for
static routes for this virtual router (range is 10 to 240; default
is 10).
Enter a Metric for the route
(range is 1 to 65,535).
Choose where to install the route.
Select the Route Table (the RIB)
into which you want the firewall to install the static route:
Unicast—Install the route
in the unicast route table. Choose this option if you want the route
used only for unicast traffic.
Multicast—Install the route in the
multicast route table (available for IPv4 routes only). Choose this
option if you want the route used only for multicast traffic.
Both—Install the route in the unicast
and multicast route tables (available for IPv4 routes only). Choose
this option if you want either unicast or multicast traffic to use
the route.
No Install—Do not install the route
in either route table.
(Optional) If your firewall model supports BFD,
you can apply a BFD Profile to the static
route so that if the static route fails, the firewall removes the
route from the RIB and FIB and uses an alternative route. Default
is None.