Skip to main content



Cisco Defense Orchestrator

Static Routes

A static route is a route from one network to another network that you define and enter manually into the routing table. You might want to use static routes in the following cases:

  • Your network is small and stable and you can easily manage manually adding and changing routes between devices.
  • Your networks use an unsupported router discovery protocol.
  • You do not want the traffic or CPU overhead associated with routing protocols.
  • In some cases, a default route is not enough. The default gateway might not be able to reach the destination network, so you must also configure more specific static routes. For example, if the default gateway is outside, then the default route cannot direct traffic to any inside networks that are not directly connected to the FTD device.
  • You are using a feature that does not support dynamic routing protocols.

Limitation: CDO does not currently support the management, monitoring, or use of Virtual Tunnel Interface (VTI) tunnels on ASA or FTD devices. Devices with configured VTI tunnels can be onboarded to CDO but it ignores the VTI interfaces. If a security zone or static route references a VTI, CDO reads the security zone and static route without the VTI reference. CDO support for VTI tunnels is coming soon.

Related Topics
  • Was this article helpful?