Configure Firebox Dynamic Routing

Applies To: Cloud-managed Fireboxes

A route is the sequence of devices through which network traffic must travel to get from the source to the destination. With static routing, routing tables are set and do not change. Dynamic routing automatically updates routing tables as the configuration of a network changes. This makes sure that network packets can reach their intended destination, even if a router on the remote path fails. For a cloud-managed Firebox, you can add dynamic routing from the Firebox to another network.

Dynamic Routing Protocols

Cloud-managed Fireboxes support the RIP v1, RIP v2, RIPng, OSPF, OSPFv3, and BGP v4 protocols.

  • For IPv4 dynamic routing, you must use RIP, OSPF, or BGP.
  • For IPv6 dynamic routing, you must use RIPng, OSPFv3, or BGP.

For more information about these routing protocols, go to:

When you enable a dynamic routing protocol, WatchGuard Cloud automatically creates the first-run system policy that the protocol requires. The dynamic routing policies that WatchGuard Cloud automatically creates are:

  • DR-RIP-Allow
  • DR-RIPng-Allow
  • DR-OSPF-Allow
  • DR-OSPFv3-Allow
  • DR-BGP-Allow

Screen shot of Firewall policies.

WatchGuard Cloud automatically removes the dynamic routing first-run system policy when you disable the protocol. You can also disable the policy manually.

For more information about system firewall policies, go to System Firewall Policies.

Configure Dynamic Routing

You must use routing commands to create or modify a dynamic routing configuration file. For more information about routing configuration files, go to About Sample Routing Configuration Files.

To configure dynamic routing, from WatchGuard Cloud:

  1. Select Configure > Devices.
  2. Select the cloud-managed Firebox.
  3. Click Device Configuration.
  4. In the Networking section, click the Routes widget.
    The Routes page opens.

Screen shot of static routes.

  1. Select the Dynamic Routing tab.
  2. Enable a dynamic routing protocol.
    The Routing Commands window opens.

You can enable more than one routing protocol at the same time.

Screen shot of dynamic routing UI.

  1. In the Routing Commands window, copy and paste, or type, the text of your routing daemon configuration file. For more information about routing configuration files, go to About Sample Routing Configuration Files.

Screen shot of dynamic routing and enable a protocol.

  1. (Optional) To send the configuration of a dynamic routing protocol to the cloud-managed Firebox for validation, click Validate. For more information, go to the Validate a Dynamic Routing Configuration section of this topic.
  2. Click Save.
  3. Deploy the configuration.

Validate a Dynamic Routing Configuration

You can send a dynamic routing protocol configuration to a cloud-managed Firebox for validation. The configuration includes the contents of the Routing Commands text box. When the Firebox receives the configuration, it validates the routing commands in the configuration against its current configuration.

Make sure the cloud-managed Firebox is connected to WatchGuard Cloud so that validation can take place.

To validate a dynamic routing configuration, from WatchGuard Cloud:

  1. Select Configure > Devices.
  2. Select the cloud-managed Firebox.
  3. Click Device Configuration.
  4. In the Networking section, click the Routes widget.
    The Routes page opens.

Screen shot of Networking UI.

  1. Select the Dynamic Routing tab.
  2. Select a dynamic routing protocol that you previously configured routing commands for.
    The Routing Commands text box opens.

Screen shot of the Routing Commands window.

  1. Click Validate.
    The configuration is sent to the cloud-managed Firebox for validation.

If the configuration is not valid, an error message appears with information about the configuration error and its location. You can correct the issue and try to validate the configuration again.

Screen shot of protocol validation.

Disable a Dynamic Routing Configuration

To disable a dynamic routing configuration, from WatchGuard Cloud:

  1. Click the Routes widget.
    The Routes page opens.
  2. Select the Dynamic Routing tab.

Screen shot of protocols.

  1. Select a dynamic routing protocol that you previously configured routing commands for.
    The Routing Commands text box opens.
  2. Disable the dynamic routing protocol.
    Commands are kept for when you enable the protocol again.

Screen shot of disabled protocols.

  1. Click Save.
  2. Deploy the configuration.

WatchGuard Cloud automatically removes dynamic routing first-run system policies when you disable a dynamic routing protocol.

Monitor Dynamic Routing

When you enable dynamic routing and add protocol routing commands, you can view the current dynamic routing information from the Live Status > Networks > Dynamic Routing page. For more information, go to Monitor Networks on Fireboxes and FireClusters.

Related Topics

Configure Firebox Routes

About Firebox Networking Settings