Contents

Related Topics

Add a Static Route

A route is the sequence of devices through which network traffic must go to get from the source to the destination. A router is the device in a route that finds the next network point through which to send the network traffic to its destination. Each router is connected to a minimum of two networks. A packet can go through a number of network points with routers before it gets to the destination. 

You can create static routes to send traffic to specific hosts or networks. The router can then send the traffic from the specified route to the correct destination. If you have a full network behind a router on your local network, add a network route. If you do not add a route to a remote network, all traffic to that network is sent to the Firebox default gateway.

Before you begin, you must understand the difference between a network route and a host route. A network route is a route to a full network behind a router located on your local network. Use a host route if there is only one host behind the router, or if you want traffic to go to only one host.

If you have configured a BOVPN virtual interface, you can also add and edit VPN routes for a BOVPN virtual interface in the static routes table.

Add an IPv4 Static Route

You can add an IPv4 static route to a network or a single host IP address.

To add a static route, from Fireware Web UI:Closed
  1. Select Network > Routes.
    The Routes page appears.
  2. Click Add.
    The Route dialog box appears.

Screen shot of the Add Route dialog box

  1. From the Route Type drop-down list, select Static Route.
  2. From the Destination Type drop-down list, select an option:
    • Host IPv4 — Select this option if only one IPv4 host is behind the router or you want traffic to go to only one host.
    • Network IPv4 — Select this option if you have a full IPv4 network behind a router on your local network.
  3. In the Route To text box, type the host address or network address. If you type a network address, use slash notation.
    For more information about slash notation, see About Slash Notation.
  4. In the Gateway text box, type the IP address of the router.
    Make sure that you type an IP address that is on one of the same networks as the Firebox.
  5. In the Metric text box, type or select a metric value for the route. Routes with lower metrics have higher priority.
  6. Click OK to close the Route dialog box.
    The configured network route appears in the Routes page.
  7. Click Save to save the change to the configuration.
To add a static route, from Policy Manager:Closed
  1. Select Network > Routes.
    The Setup Routes dialog box appears.
  2. Click Add.
    The Add Route dialog box appears.

Screen shot of the Add Route dialog box

  1. From the Route Type drop-down list, select Static Route.
  2. From the Destination Type drop-down list, select an option:
    • Host IPv4 — Select this option if only one IPv4 host is behind the router or you want traffic to go to only one host.
    • Network IPv4 — Select this option if you have a full IPv4 network behind a router on your local network.
  3. In the Route To text box, type the network address or host address. If you type a network address, use slash notation.
    For more information about slash notation, see About Slash Notation.
  4. In the Gateway text box, type the IP address of the router. Make sure that you type an IP address that is on one of the same networks as the Firebox.
  5. In the Metric text box, type or select a metric value for the route. Routes with lower metrics have higher priority.
  6. Click OK to close the Add Route dialog box.
    The configured network route appears in the Setup Routes dialog box.

Add an IPv6 Static Route

When you add an IPv6 route, you can optionally specify which IPv6-enabled interface to use for the route. Specify an interface if you want to control which interface is used in the route. For example:

  • If more than one interface can reach the gateway, and you want to route traffic to the gateway through a specific interface, select the interface that you want this route to use.
  • If there are two gateways with the same IPv6 link local address on different connected networks, select the interface that connects to the gateway you want to route to.

You can add an IPv6 static route to a network, or a single host IP address

To add a static route, from Fireware Web UI:Closed
  1. Select Network > Routes.
    The Routes page appears.
  2. Click Add.
    The Route dialog box appears.

  1. From the Route Type drop-down list, select Static Route.
  2. From the Destination Type drop-down list, select an option:
    • Host IPv6 — Select this option if only one IPv6 host is behind the router or you want traffic to go to only one host.
    • Network IPv6 — Select this option if you have a full IPv6 network behind a router on your local network.
  3. In the Route To text box, type the host address or network address. If you type a network address, use slash notation.
    For more information about slash notation, see About Slash Notation.
  4. In the Gateway text box, type the IP address of the router.
    Make sure that you type an IP address that is on one of the same networks as the Firebox.
  5. In the Metric text box, type or select a metric value for the route. Routes with lower metrics have higher priority.
  6. If you want this route to use a specific interface, select the Specify interface check box. From the adjacent drop-down list, select an IPv6-enabled interface that can access the specified gateway.
  7. Click OK to close the Route dialog box.
    The configured network route appears in the Routes page.
  8. Click Save to save the change to the configuration.
To add an IPv6 static route, from Policy Manager:Closed
  1. Select Network > Routes.
    The Setup Routes dialog box appears.
  2. Click Add.
    The Add Route dialog box appears.

  1. From the Route Type drop-down list, select Static Route.
  2. From the Destination Type drop-down list, select an option:
    • Host IPv6 — Select this option if only one IPv6 host is behind the router or you want traffic to go to only one host.
    • Network IPv6 — Select this option if you have a full IPv6 network behind a router on your local network.
  3. In the Route To text box, type the network address or host address. If you type a network address, use slash notation.
    For more information about slash notation, see About Slash Notation.
  4. In the Gateway text box, type the IP address of the router. Make sure that you type an IP address that is on one of the same networks as the Firebox.
  5. In the Metric text box, type or select a metric value for the route. Routes with lower metrics have higher priority.
  6. If you want this route to use a specific interface, select the Specify interface check box. From the adjacent drop-down list, select an IPv6-enabled interface that can get access to the specified gateway.
  7. Click OK to close the Add Route dialog box.
    The configured network route appears in the Setup Routes dialog box.

Add a BOVPN Virtual Interface Route

If you have configured a BOVPN virtual interface, you can also add and edit BOVPN virtual interface routes here. This option is available only after you configure at least one BOVPN virtual interface. For more information, see Configure a BOVPN Virtual Interface.

IPv6 BOVPN virtual interface routes are 6in4 tunnel routes that use a GRE tunnel within the IPSec BOVPN tunnel. You can use an IPv6 BOVPN virtual interface route to send traffic between two IPv6 networks through an IPv4 BOVPN virtual interface tunnel. You cannot configure a BOVPN virtual interface route for traffic between an IPv4 network and an IPv6 network.

To add a BOVPN virtual interface route, from Fireware Web UI:Closed
  1. Select Network > Routes.
    The Routes page appears.
  2. Click Add.
    The Route dialog box appears.

  1. From the Route Type drop-down list, select BOVPN Virtual Interface Route.
  2. From the Choose Type drop-down list, select an option:
    • Host IPv4 — Select this option if only one IPv4 host is behind the router or you want traffic to go to only one host.
    • Network IPv4 — Select this option if you have a full IPv4 network behind a router on your local network.
    • Host IPv6 — Select this option if only one IPv6 host is behind the router or you want traffic to go to only one host.
    • Network IPv6 — Select this option if you have a full IPv6 network behind a router on your local network.
  3. In the Route To text box, type the network address or host address. If you type a network address, use slash notation.
    For more information about slash notation, see About Slash Notation.
  4. In the Metric text box, type or select a metric value for the route. Routes with lower metrics have higher priority.
  5. From the Interface drop-down list, select the BOVPN virtual interface you want to use for this route.
  6. Click Save changes to close the Route dialog box.
    The configured network route appears in the Routes page.
  7. Click Save to save the change to the configuration.
To add a BOVPN virtual interface route, from Policy Manager:Closed
  1. Select Network > Routes.
    The Setup Routes dialog box appears.
  2. Click Add.
    The Add Route dialog box appears.

Screen shot of the Add Route dialog box for a BOVPN Virtual Interface Route

  1. From the Route Type drop-down list, select BOVPN Virtual Interface Route.
  2. From the Choose Type drop-down list, select an option:
    • Host IPv4 — Select this option if only one IPv4 host is behind the router or you want traffic to go to only one host.
    • Network IPv4 — Select this option if you have a full IPv4 network behind a router on your local network.
    • Host IPv6 — Select this option if only one IPv6 host is behind the router or you want traffic to go to only one host.
    • Network IPv6 — Select this option if you have a full IPv6 network behind a router on your local network.
  3. In the Route To text box, type the network address or host address. If you type a network address, use slash notation.
    For more information about slash notation, see About Slash Notation.
  4. In the Metric text box, type or select a metric value for the route. Routes with lower metrics have higher priority.
  5. From the Interface drop-down list, select the BOVPN virtual interface you want to use for this route.
  6. Click OK to close the Add Route dialog box.
    The configured network route appears in the Setup Routes dialog box.

The BOVPN virtual interface routes you configure here also appears in the VPN Routes tab in the BOVPN virtual interface configuration

If the Firebox is configured in drop-in mode, the route table on the Firebox might or might not immediately show the correct interface for a static route after you restart the device, or after you move the gateway associated with a static route to a different interface. The Firebox cannot update the route table with the correct interface for a static route until it receives network traffic through the gateway for that static route. The Firebox updates the internal route table on demand when traffic is received from the gateway.

See Also

Routes and Routing

Give Us Feedback     Get Support     All Product Documentation     Technical Search

© 2018 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard logo, WatchGuard Dimension, Firebox, Core, Fireware, and LiveSecurity are registered trademarks or trademarks of WatchGuard Technologies in the United States and/or other countries.