Routing Table for Management Traffic

The threat defense device includes the following routing tables for from-the-device management traffic:

  • Linux Management routing table—Special management traffic sourced from the Management interface, such as management center communication, licensing communication, and database updates, always uses the Linux Management routing table.

  • Data routing table—All from-the-device traffic (as well as all through traffic) uses the data routing table by default. All regular data interfaces are part of this routing table. Most services let you choose a specific interface, so only routes associated with that interface are used.

  • Management-only routing table—The Management interface and all data interfaces that you set to management-only are part of this routing table. To send from-the-device traffic from any of these interfaces, you must choose a specific management-only interface when you configure the service. An exception is for DNS lookups: in some cases, threat defense will use data and then fall back to management automatically if a route is not found. You can add static routes for management-only interfaces, but not for the special Management interface. The threat defense device automatically adds a default route for Management that forwards traffic to Linux, where a separate route lookup occurs in the Linux routing table. You can add static routes to the Linux routing table that can be used by Management using the threat defense CLI configure network static-routes command.

    Note

    The default Linux route is set with the configure network ipv4 or configure network ipv6 command.
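The table selection described above, modelled as an added example (this is illustration code, not threat defense code); the routing tables, addresses and interface names are constructed, and the three source kinds are an assumed simplification of the services the text lists.

```python
"""Which routing table a from-the-device packet consults on threat defense.
Tables are constructed samples as (prefix, next hop, egress interface)."""
import ipaddress

LINUX_TABLE = [("0.0.0.0/0", "10.89.5.1", "management0")]
DATA_TABLE = [("0.0.0.0/0", "203.0.113.1", "outside"),
              ("192.0.2.0/24", None, "inside")]          # connected route
MGMT_ONLY_TABLE = [("0.0.0.0/0", None, "Management"),    # auto-added: hand off to Linux
                   ("198.51.100.0/24", "198.51.100.1", "mgmt-data1")]  # user static route

def lookup(table, dest, iface=None):
    """Longest-prefix match; when iface is given, only that interface's routes count."""
    best = None
    for prefix, next_hop, egress in table:
        net = ipaddress.ip_network(prefix)
        if ipaddress.ip_address(dest) in net and (iface is None or egress == iface):
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, next_hop, egress)
    return (best[1], best[2]) if best else None

def select_route(dest, source, iface=None, dns=False):
    """Return (table used, route) for a from-the-device packet.
    source: 'special' (manager/licensing/updates), 'data', or 'mgmt-only'."""
    if source == "special":                        # always the Linux Management table
        return ("linux", lookup(LINUX_TABLE, dest))
    if source == "mgmt-only":
        if iface is None:                          # service must name an interface
            raise ValueError("choose a management-only interface for this service")
        route = lookup(MGMT_ONLY_TABLE, dest, iface)
        if route and route[1] == "Management":     # Management default route -> Linux
            return ("linux", lookup(LINUX_TABLE, dest))
        return ("mgmt-only", route)                # None: no static route for iface
    route = lookup(DATA_TABLE, dest, iface)        # data table is the default
    if route is None and dns:                      # DNS may fall back to Management
        return ("linux", lookup(LINUX_TABLE, dest))
    return ("data", route)
```

Note the two failure cases the model exposes: a management-only data interface with no static route for the destination gets no route at all, and restricting a data service to one interface drops anything that interface has no route for (except DNS, which falls back).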

Note

For devices that have not yet merged the Management and legacy Diagnostic interfaces, refer to pre-7.3 versions of this guide.