Routing configuration overview

Routing configuration involves adding a default route, adding routes to networks that are not directly connected, and adding routes to networks that can be reached through route-based VPNs.

Follow these general steps to configure routing:

  1. Add the default route.
  2. Add routes to networks that are not directly connected, but require a next hop gateway.
  3. Add routes to networks that are reachable through the Tunnel Interfaces used in route-based VPNs.

Limitations

  • Routing and antispoofing can only be configured for interfaces that have IP addresses. It is not possible to define routing or antispoofing for the following types of interfaces because they do not have IP addresses:
    • Capture Interfaces and Inline Interfaces on IPS engines or Layer 2 Firewalls, or on Master NGFW Engines that host Virtual IPS engines or Virtual Layer 2 Firewalls.
    • Capture Interfaces, Inline IPS Interfaces, and Inline Layer 2 Firewall Interfaces on NGFW Engines in the Firewall/VPN role.
    • All interfaces on Virtual IPS engines and Virtual Layer 2 Firewalls.
  • Layer 2 physical interfaces on firewalls are not included in the routing and antispoofing configuration.
  • The basic routing configuration does not determine which traffic is routed through policy-based VPNs. Routing is checked after policy-based VPN traffic is encapsulated inside encrypted packets with different source and destination IP address information.

Multi-Link

For information on using NetLinks to configure routing for Multi-Link, see the section about defining Multi-Link routes.