Create a Static Route for SD-WAN

Create a static route for SD-WAN traffic.
In addition to (or as an alternative to) BGP routing, you can create static routes to route your SD-WAN traffic.
You can configure static routes either using Panorama™ or directly on the firewall hub or branch. If you are going to use Panorama, you should be familiar with the process to Configure a Template or Template Stack Variable. You will create a variable to use as the destination in your static route, as shown in the following procedure. You will push a static route (that goes to the hub) to the branch. You will push a static route (that goes to the branch) to the hub.
  1. Configure a Template or Template Stack Variable and enter the variable
    in the following format: $peerhostname_clustername.customname. For example, $branchsanjose_clusterca.10 or $DIA_cluster2.location3. After the dollar sign ($), the elements in the variable are:
    • peerhostname
      —Hostname of the destination hub or branch to which the static route goes. For a static route to the internet, the peerhostname must be
      . An alternative to the peer’s hostname is to use the peer’s serial number. If the peer is part of an HA pair, you can use the hostname or serial number of either one of the two HA firewalls.
    • clustername
      —Name of the VPN cluster to which the destination hub or branch belongs.
    • customname
      —Text string of your choice; you cannot use a period (.) in the customname.
    You can have more than one static route going to the same peer, which means the variables will have the same peerhostname and clustername; you differentiate the variables by using a different customname.
  2. Select the variable
    to be
    IP Netmask
    and enter the destination IP address with a slash and netmask length, such as
  3. Click
    to save the variable.
  4. Select
    Virtual Routers
    and select a virtual router.
  5. Select
    Static Routes
    for the static route.
  6. For
    , select the variable you created.
  7. For
    , select from the dropdown list, which includes only interfaces from the template; for example, Ethernet1/1, Tunnel.x, or sdwan.xx.
  8. For
    Next Hop
    , select
    IP Address
    and enter the IP address of the next hop for the static route (the hub or branch to which the static route goes).
  9. Click
  10. Commit
    Commit and Push
    your changes.
    Auto VPN configuration replaces the
    keyword in the Interface field of the static route with the egress virtual SD-WAN interface that it determines based on the Destination variable. Thus, the static route in the routing table indicates that traffic going to the peer host in the identified VPN cluster will egress the virtual SD-WAN interface to reach the specified next hop.
  11. Configure a static route for the return traffic.

Recommended For You