Add a Static Route

A static route defines where to send traffic for specific destination networks. You should at a minimum define a default route. A default route is simply a static route with 0.0.0.0/0 as the destination IP address.

Procedure


Step 1

Choose Devices > Device Management, and edit the threat defense device.

Step 2

Click Routing.

Step 3

(For virtual-router-aware devices) From the virtual routers drop-down list, select the virtual router for which you are configuring a static route.

Step 4

Select Static Route.

Step 5

Click Add Routes.

Step 6

Click IPv4 or IPv6 depending on the type of static route that you are adding.

Step 7

Choose the Interface to which this static route applies.

For transparent mode, choose a bridge group member interface name. For routed mode with bridge groups, you can choose either the bridge group member interface or the BVI name. To “black hole” unwanted traffic, choose the Null0 interface.

For a device using virtual routing, you can select an interface that belongs to another virtual router. You can create such a static route if you want to leak traffic from this virtual router into the other virtual router. For more information, see Interconnecting Virtual Routers.

Step 8

In the Available Network list, choose the destination network.

To define a default route, create an object with the address 0.0.0.0/0 and select it here.

Note

Though you can create and choose a Network Object Group containing a range of IP addresses, the management center does not support using a range of network objects while configuring a static route.

Step 9

In the Gateway or IPv6 Gateway field, enter or choose the gateway router which is the next hop for this route. You can provide an IP address or a Networks/Hosts object. When you are using static route configuration for virtual routers to leak routes, do not specify the next hop gateway.

Step 10

In the Metric field, enter the number of hops to the destination network. Valid values range from 1 to 255; the default value is 1. The metric is a measurement of the “expense” of a route, based on the number of hops (hop count) to the network on which a specific host resides. Hop count is the number of networks that a network packet must traverse, including the destination network, before it reaches its final destination. The metric is used to compare routes among different routing protocols. The default administrative distance for static routes is 1, giving it precedence over routes discovered by dynamic routing protocols but not directly connected routes. The default administrative distance for routes discovered by OSPF is 110. If a static route has the same administrative distance as a dynamic route, the static route takes precedence. Connected routes always take precedence over static or dynamically discovered routes.

Note

For a dual ISP/WAN interface configuration, you must assign the same metric value to both the primary and secondary data interfaces. By default, you are not allowed to configure the same metric value for two interfaces. To override the validation error, ensure that the two interfaces belong to a single ECMP zone.

Step 11

(Optional) For a default route, click the Tunneled checkbox to define a separate default route for VPN traffic.

You can define a separate default route for VPN traffic if you want your VPN traffic to use a different default route than your non-VPN traffic. For example, traffic incoming from VPN connections can be easily directed towards internal networks, while traffic from internal networks can be directed towards the outside. When you create a default route with the tunneled option, all traffic from a tunnel terminating on the device that cannot be routed using learned or static routes is sent to this route. You can configure only one default tunneled gateway per device. ECMP for tunneled traffic is not supported.

Step 12

(IPv4 static route only) To monitor route availability, enter or choose the name of an SLA (service level agreement) Monitor object that defines the monitoring policy, in the Route Tracking field.

See SLA Monitor.

Note

Ensure that you assign an SLA to the static routes of the primary and secondary data interfaces (dual ISP/WAN interface configuration).

Step 13

Click Ok.
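
The constraints stated in Steps 8 through 12, written as a pre-deployment check over a planned route list. This is an added example, not Cisco or management center code: the StaticRoute record, its field names, lint_routes, and the sample addresses are hypothetical, and the same-metric rule is assumed to apply per destination network.

```python
import ipaddress
from dataclasses import dataclass
from itertools import combinations

@dataclass
class StaticRoute:  # hypothetical planning record, not a management center object
    interface: str
    network: str          # destination, e.g. "0.0.0.0/0"
    gateway: str = ""
    metric: int = 1
    tunneled: bool = False
    sla_monitor: str = ""
    leak: bool = False    # interface belongs to another virtual router
    ecmp_zone: str = ""

def lint_routes(routes):  # returns findings for the rules stated in the procedure
    findings, parsed = [], []
    for i, r in enumerate(routes):
        try:
            net = ipaddress.ip_network(r.network)
        except ValueError:
            findings.append(f"route {i}: {r.network!r} is not a single network")
            continue
        parsed.append((i, r, net))
        if not 1 <= r.metric <= 255:
            findings.append(f"route {i}: metric {r.metric} is outside 1-255")
        if r.tunneled and net.prefixlen != 0:
            findings.append(f"route {i}: Tunneled applies only to a default route")
        if r.sla_monitor and net.version != 4:
            findings.append(f"route {i}: route tracking is IPv4 only")
        if r.leak and r.gateway:
            findings.append(f"route {i}: a leaked route must not set a gateway")
    if sum(r.tunneled for _, r, _ in parsed) > 1:
        findings.append("device: more than one tunneled default gateway")
    if not any(n.prefixlen == 0 for _, _, n in parsed):
        findings.append("device: no default route defined")
    # Assumption: the same-metric rule is checked per destination network.
    for (i, a, na), (j, b, nb) in combinations(parsed, 2):
        same = na == nb and a.metric == b.metric and a.interface != b.interface
        zoned = a.ecmp_zone and a.ecmp_zone == b.ecmp_zone
        if same and not (a.tunneled or b.tunneled) and not zoned:
            findings.append(f"routes {i},{j}: equal metrics need one ECMP zone")
    return findings

SAMPLE = [  # constructed plan: dual ISP without an ECMP zone, plus a range
    StaticRoute("outside1", "0.0.0.0/0", "198.51.100.1", sla_monitor="sla-isp1"),
    StaticRoute("outside2", "0.0.0.0/0", "203.0.113.1", sla_monitor="sla-isp2"),
    StaticRoute("inside", "10.0.0.1-10.0.0.9", "10.0.0.254"),
]
```

Running lint_routes(SAMPLE) reports the range destination and the dual-ISP pair that lacks a shared ECMP zone; setting the same ecmp_zone on both default routes clears the second finding.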