In addition to (or as an alternative to) BGP
routing, you can create static routes to route your SD-WAN traffic.
You can configure static routes either using Panorama™ or directly on the firewall hub or branch.
If you are going to use Panorama, you should be familiar with the process to Configure a Template or Template Stack
Variable. You will create a variable to use as the destination in your
static route, as shown in the following procedure. (You can also create a variable
for the next hop.) You will push a static route (that goes to the hub) to the
branch. You will push a static route (that goes to the branch) to the hub.
the following format: $peerhostname_clustername.customname.
For example, $branchsanjose_clusterca.10 or $DIA_cluster2.location3.
After the dollar sign ($), the elements in the variable are:
—Hostname of the destination hub or branch to which the static
route goes. For a static route to the internet, the peerhostname must be
. An alternative to the peer’s hostname is
to use the peer’s serial number. If the peer is part of an HA pair, you
can use the hostname or serial number of either one of the two HA
—Name of the VPN cluster to which
the destination hub or branch belongs.
—Text string of your choice; you
cannot use a period (.) in the customname.
You can have more than one static route going to the same
peer, which means the variables will have the same peerhostname
and clustername; you differentiate the variables by using a different
Select the variable
and enter the destination IP address with a slash and
netmask length, such as 192.168.2.1/24. For IPv6, enter the IPv6 address with a
slash and prefix length, such as 2001:DB8::/32.
to save the variable.
a virtual router.
for the static
, select the variable
, select from the
dropdown list, which includes only interfaces from the template;
for example, Ethernet1/1, Tunnel.x, or sdwan.xx.
and enter the IP address or variable of
the next hop for the static route (the hub or branch to which the static route
Auto VPN configuration replaces the
in the Interface field of the static route with the egress virtual SD-WAN
interface that it determines based on the Destination variable.
Thus, the static route in the routing table indicates that traffic
going to the peer host in the identified VPN cluster will egress
the virtual SD-WAN interface to reach the specified next hop.