Create a Static Route for SD-WAN
Table of Contents
Expand all | Collapse all
-
- Create a Link Tag
- Configure an SD-WAN Interface Profile
- Configure a Physical Ethernet Interface for SD-WAN
- Configure an Aggregate Ethernet Interface and Subinterfaces for SD-WAN
- Configure Layer 3 Subinterfaces for SD-WAN
- Configure a Virtual SD-WAN Interface
- Create a Default Route to the SD-WAN Interface
-
- Create a Path Quality Profile
-
- Create a SaaS Quality Profile
- Use Case: Configure SaaS Monitoring for a Branch Firewall
- Use Case: Configure a Hub Firewall Failover for SaaS Monitoring from a Branch Firewall to the Same SaaS Application Destination
- Use Case: Configure a Hub Firewall Failover for SaaS Monitoring from a Branch Firewall to a Different SaaS Application Destination
- SD-WAN Traffic Distribution Profiles
- Create a Traffic Distribution Profile
- Create an Error Correction Profile
- Configure an SD-WAN Policy Rule
- Allow Direct Internet Access Traffic Failover to MPLS Link
- Configure DIA AnyPath
- Distribute Unmatched Sessions
- Configure Multiple Virtual Routers on SD-WAN Hub
- Configure Multiple Virtual Routers on SD-WAN Branch
- Configure HA Devices for SD-WAN
- Create a VPN Cluster
- Create a Full Mesh VPN Cluster with DDNS Service
- Create a Static Route for SD-WAN
- Configure Advanced Routing for SD-WAN
Create a Static Route for SD-WAN
Create a static route for SD-WAN traffic.
In addition to (or as an alternative to) BGP
routing, you can create static routes to route your SD-WAN traffic.
You can configure static routes either using Panorama™ or directly on the firewall hub or branch.
If you are going to use Panorama, you should be familiar with the process to Configure a Template or Template Stack
Variable. You will create a variable to use as the destination in your
static route, as shown in the following procedure. (You can also create a variable
for the next hop.) You will push a static route (that goes to the hub) to the
branch. You will push a static route (that goes to the branch) to the hub.
- Log in to the Panorama Web Interface.Configure a Template or Template Stack Variable and enter the variable Name in the following format: $peerhostname_clustername.customname. For example, $branchsanjose_clusterca.10 or $DIA_cluster2.location3. After the dollar sign ($), the elements in the variable are:
- peerhostname—Hostname of the destination hub or branch to which the static route goes. For a static route to the internet, the peerhostname must be DIA. An alternative to the peer’s hostname is to use the peer’s serial number. If the peer is part of an HA pair, you can use the hostname or serial number of either one of the two HA firewalls.
- clustername—Name of the VPN cluster to which the destination hub or branch belongs.
- customname—Text string of your choice; you cannot use a period (.) in the customname.
You can have more than one static route going to the same peer, which means the variables will have the same peerhostname and clustername; you differentiate the variables by using a different customname.Select the variable Type to be IP Netmask and enter the destination IP address with a slash and netmask length, such as 192.168.2.1/24. For IPv6, enter the IPv6 address with a slash and prefix length, such as 2001:DB8::/32.Click OK to save the variable.Select NetworkVirtual Routers and select a virtual router.Select Static Routes.Select IPv4 or IPv6 and Add a Name for the static route.For Destination, select the variable you created.For Interface, select from the dropdown list, which includes only interfaces from the template; for example, Ethernet1/1, Tunnel.x, or sdwan.xx.For Next Hop, select IP Address or IPv6 Address and enter the IP address or variable of the next hop for the static route (the hub or branch to which the static route goes).Click OK.Commit and Commit and Push your changes.Auto VPN configuration replaces the sdwan keyword in the Interface field of the static route with the egress virtual SD-WAN interface that it determines based on the Destination variable. Thus, the static route in the routing table indicates that traffic going to the peer host in the identified VPN cluster will egress the virtual SD-WAN interface to reach the specified next hop.Configure a static route for the return traffic.