Configuring the Routing Table

Background

This page shows the routing table with the routes added on your appliance:

Notes:

  • You can add or edit routes and configure manual routing rules.

    You cannot edit system defined routes.

  • You can specify routes for and associate IP addresses with selected VPN tunnels.

    To add, delete, and modify the IP addresses, use dynamic routing protocols.

  • When no default route is active, this page shows this message:

    Note - No default route is configured. Internet connections might be down or not configured.

  • For Internet Connection High Availability, the default route changes automatically on failover (based on the active Internet connection).

  • When a network interface is disabled, the routing table shows all routes for that interface as inactive. A route automatically becomes active when the interface is enabled. Traffic for an inactive route is routed based on active routing rules (usually, to the default route).

  • You cannot edit, delete, enable, and disable routes created by the operating system for directly attached networks or by dynamic routing protocols.

Routing Table Columns

If you configured IPv6 connections, the new IPv6 Routing Table appears below the IPv4 Routing Table. Note that IPv6 addresses have no Service, Protocol, or Rank.

Column

Description

Destination

IPv4 and IPv6 addresses

The route rule applies only to traffic whose destination matches the destination IP address / network.

Source

IPv4 and IPv6 addresses.

The route rule applies only to traffic whose source matches the source IP address/network.

Service

IPv4 addresses only.

The route rule applies only to traffic whose service matches the service IP protocol and ports or service group.

Next Hop

IPv4 and IPv6 addresses

The next hop gateway for this route, with these options:

  • Specified IP address of the next hop gateway.

  • Specified Internet connection from the connections configured in the appliance.

  • Specified VPN Tunnel Interface (VTI).

Metric

IPv4 and IPv6 addresses

The priority of the route.

If multiple routes to the same destination exist, the route with the lowest metric is selected.

 

The range is:

  • 0-100 for non-default routes

  • 101-200 for default routes.

Protocol

IPv4 addresses only.

Route type:

  • Static

  • Directly connected

  • BGP

  • OSPF

  • RIP

  • Aggregate

  • Kernel

  • N/A

Note - The IPv6 table does not show a Protocol column. These routes can only be seen in CLI, not in the WebUI:

  • Static

  • Directly connected

  • BGP

  • OSPF - as OSPFv3

Rank

IPv4 addresses only.

A numeric value used to determine which protocol has a higher priority - the lower the value, the higher the priority).

Limitations

  • When there is a default route on an internal port, WebUI and SSH access to the appliance is allowed only through the LAN ports or the active Internet connection (and not through an inactive Internet interface).

Adding a Specific IPv4 Static Route

  1. From the left navigation panel, click Device.

  2. In the Advanced Routing section, click the Routing Table page.

  3. Above the routing table, click New.

    The New Static Routing Rule window opens.

  4. In the Destination column:

    • To route traffic to any destination, leave the default value Any.

    • To route traffic to a specific destination IPv4 address:

      1. Click the value Any.

      2. Select Specified IP Address.

      3. Configure the required IP Address.

      4. Configure the required Subnet Mask.

      5. Click OK.

  5. In the Source column:

    • To route traffic from any source, leave the default value Any

    • To route traffic from a specific IPv4 address:

      1. Click the value Any.

      2. Select Specified IP Address.

      3. Configure the required IP Address.

      4. Configure the required Subnet Mask.

      5. Click OK.

  6. In the Service column:

    • To route traffic for all services (protocols), leave the default value Any

    • To route traffic for a specific service:

      1. Click the value *Any.

      2. Select the required service object or a service group object.

        Notes:

        • You can select only one service object or one service group object.

        • In the bottom right corner, click New > Service, or Service group to create a custom service or a group of services.

      3. Click OK.

  7. In the Next Hop column:

    1. Click the cell.

    2. Select the required option:

      • IP Address - Enter the IPv4 address of the required next hop.

      • Internet connection - Select the required Internet connection.

      • VPN Tunnel (VTI) - Select the required VPN Tunnel Interface or the GRE interface (you must configure it in advance).

      • Interface - Select the required Local Network interface (LAN, DMZ).

    3. Click OK.

  8. Optional: In the Comment field, enter an applicable text.

  9. Optional: In the Metric field, enter a value between 0 and 100.

    Notes:

    • The lower the value, the higher the priority.

    • The default metric is 0.

  10. Optional: In the Rank field, enter a value between 1 and 255 to define priority between routes with the same destination but for different routing protocols.

    Notes:

    • Rank is allowed only if you selected Specified IP Address in the Destination column.

    • Rank is per destination.

      All routes with the same destination have the same rank, even though their next hop and metric are different.

    • The default rank is 60.

    • To change the default route rank, go to Device view > Advanced Settings .

  11. Optional: Select Probe the next hop with arping. Arping is a form of monitoring in which you probe the next hop of a static route similar to ISPs.

    These options do not support next hop probing:

    • Internet connection

    • Interface

    Notes:

    • If arping and monitoring are both enabled, the route is considered good if only one type of monitoring succeeds.

    • Arping is only supported for:

      • IPv4 routes

      • IP, GRE, or VTI as next-hops

  12. In the Monitoring field, select the applicable option:

    • Off - To disable the route probing (this is the default).

    • On - To enable the route probing.

      Configure the applicable probing servers. For example:

      • dns.google.com

      • dns.cloudflare.com

      • dns.opendns.com

    Notes:

    • The probing feature supports default static routes, destination-based routes, and policy-based routes.

    • Starting in version R82.00.05, the next hop can be to an internal or an external device: any IPv4 address, VTI tunnel or GRE interface.

    • To probe any IPv4 address, select next hop type IP address. The IP address can be on the WAN subnet, on a LAN subnet, or not on a subnet of any interface.

    • To probe a GRE interface or VTI tunnel, select next hop type Virtual Tunnel Interface. The servers (selected earlier) can either be on the subnet of the destination IP address or the IP address of the remote-peer of the tunnel if you want to probe the tunnel.

    • To probe an internet-connection (the default gateway that connects to the internet), select next hop type Internet connection but do not turn on probing. Probing is already configured and performed in the Internet Connection page, and also affects routes that are dependent on these connections.

  13. Optional: In the Advanced Probing Settings section, configure the probing settings:

    • Probing frequency - Interval between pings.

    • Percentage of failed attempts - Threshold to consider the next hop as unreachable.

    • Max latency - Maximum latency for pings.

    • Reconnection delay - Delay before the appliance starts using this route again after the next hop becomes reachable again.

    • History timeline size - Size of the probing history timeline in the Route Monitoring window (see Route Monitoring).

    Note - You can hover over the field name to see the icon and hover over it to see the tooltip.

  14. Click Save.

Adding a Default IPv4 Static Route

This procedure adds a default static route to send traffic from any source, to any destination, for any protocol.

  1. From the left navigation panel, click Device.

  2. In the Advanced Routing section, click the Routing Table page.

  3. Above the routing table, click New.

    The New Static Routing Rule window opens.

  4. In the Destination column:

    Leave the default value Any.

  5. In the Source column:

    Leave the default value Any.

  6. In the Service column:

    Leave the default value Any.

  7. In the Next Hop column:

    1. Click the cell.

    2. Select the required option:

      • IP Address - Enter the IPv4 address of the required next hop.

      • VPN Tunnel (VTI) - Select the required VPN Tunnel Interface or the GRE interface (you must configure it in advance).

    3. Click OK.

  8. Optional: In the Comment field, enter an applicable text.

  9. In the Metric field, enter a value:

    Notes:

    • Enter a value between 101 and 200.

    • The lower the value, the higher the priority.

  10. Optional: Select Probe the next hop with arping. Arping is a form of monitoring in which you probe the next hop of a static route similar to ISPs.

    These options do not support next hop probing:

    • Internet connection

    • Interface

    Notes:

    • Arping is only supported for:

      • IPv4 routes

      • IP, GRE, or VTI as next-hops

    • If arping and monitoring are both enabled, the route is considered good if only one type of monitoring succeeds.

    In the Probing method field, select the applicable option:

    • Off - Route probing is disabled.

    • On - Route probing is enabled.

      Configure the applicable next hop servers to probe. For example:

      • dns.google.com

      • dns.cloudflare.com

      • dns.opendns.com

  11. Optional: In the Advanced Probing Settings section, configure the probing settings:

    • Probing frequency - Interval between pings.

    • Percentage of failed attempts - Threshold to consider the next hop as unreachable.

    • Max latency - Maximum latency for pings.

    • Reconnection delay - Delay before the appliance starts using this route again after the next hop becomes reachable again.

    • History timeline size - Size of the probing history timeline in the Route Monitoring window (see Route Monitoring).

    Note - You can hover over the field name to see the icon and hover over it to see the tooltip.

  12. Click Save.

Adding a Specific IPv6 Static Route

  1. From the left navigation panel, click Device.

  2. In the Advanced Routing section, click the Routing Table page.

  3. Above the IPv6 routing table, click New.

  4. In the New Static Routing Rule window, for Destination:

    • To route traffic to any destination, leave the default value Any.

    • To route traffic to a specific destination IPv6 address:

      1. Click the value Any.

      2. Select Specified IP Address.

      3. Configure the required IP Address.

      4. Configure the required Prefix length.

      5. Click OK.

  5. Starting in R82.00.10, in the Source column:

    • To route traffic from any source, leave the default value Any

    • To route traffic from a specific IPv6 address:

      1. Click the value Any.

      2. Select Specified IP Address.

      3. Configure the required IP Address.

      4. Configure the required Subnet Mask.

      5. Click OK.

  6. In the Next Hop column:

    The next-hop is an IPv6 address or an IPv6 internet connection.

    1. Click the cell.

    2. Select the required option:

      • IP Address - Enter the IPv6 address of the required next hop.

      • Internet connection - Select the required Internet connection.

    3. Click OK.

  7. Optional: In the Comment field, enter an applicable text.

  8. Optional: In the Metric field, enter a value between 0-100:

    Notes:

    • The lower the value, the higher the priority.

    • The default metric is 0.

  9. In the Monitoring field, select the applicable option:

    • Off - To disable the route probing (this is the default).

    • On - To enable the route probing.

      Configure the applicable probing servers. For example:

      • dns.google.com

      • dns.cloudflare.com

      • dns.opendns.com

    Notes:

    • The probing feature supports default static routes, destination-based routes, and source-based routes.

    • The Internet connection option does not support route probing because probing is already configured and performed in the Internet Connection page, and also affects routes that are dependent on these connections..

    • If the Next Hop type is an IP address, for destination-based routes, the probing server IP address must be on the same subnet as the destination IP address.

      For example, for a route with a destination to 12::/64 and next hop 10:10::1, a probing server must have an IP address from the 12::/64 subnet (for example, 12::1).

  10. Optional: In the Advanced Probing Settings section, configure the probing settings:

    • Probing frequency - Interval between pings.

    • Percentage of failed attempts - Threshold to consider the next hop as unreachable.

    • Max latency - Maximum latency for pings.

    • Reconnection delay - Delay before the appliance starts using this route again after the next hop becomes reachable again.

    • History timeline size - Size of the probing history timeline in the Route Monitoring window (see Route Monitoring).

    Note - You can hover over the field name to see the icon and hover over it to see the tooltip.

  11. Click Apply.

Adding a Default IPv6 Static Route

This procedure adds a default static route to send traffic from any source, to any destination, for any protocol.

  1. From the left navigation panel, click Device.

  2. In the Advanced Routing section, click the Routing Table page.

  3. Above the routing table, click New.

    The New Static Routing Rule window opens.

  4. In the Destination column:

    Leave the default value Any.

  5. Starting in R82.00.10, in the Source column:

    Leave the default value Any.

  6. In the Next Hop column:

    1. Click the cell.

    2. Select the required option:

      • IP Address - Enter the IPv6 address of the required next hop.

    3. Click OK.

  7. In the Metric field, enter a value:

    Notes:

    • Enter a value between 101 and 200.

    • The lower the value, the higher the priority.

  8. Optional: In the Comment field, enter an applicable text.

  9. Optional: In the Probing method field, select the applicable option:

    • Off - Route probing is disabled.

    • On - Route probing is enabled.

      Configure the applicable next hop servers to probe. For example:

      • dns.google.com

      • dns.cloudflare.com

      • dns.opendns.com

    Notes:

    • The probing feature supports default static routes, destination-based routes, and source-based routes.

  10. Optional: In the Advanced Probing Settings section, configure the probing settings:

    • Probing frequency - Interval between pings.

    • Percentage of failed attempts - Threshold to consider the next hop as unreachable.

    • Max latency - Maximum latency for pings.

    • Reconnection delay - Delay before the appliance starts using this route again after the next hop becomes reachable again.

    • History timeline size - Size of the probing history timeline in the Route Monitoring window (see Route Monitoring).

    Note - You can hover over the field name to see the icon and hover over it to see the tooltip.

  11. Click Apply.

Editing an Existing Static Route

  1. From the left navigation panel, click Device.

  2. In the Advanced Routing section, click the Routing Table page.

  3. In the routing table, click the route.

  4. Above the routing table, click Edit.

  5. Change the configuration.

  6. Click Apply.

Deleting an Existing Static Route

  1. From the left navigation panel, click Device.

  2. In the Advanced Routing section, click the Routing Table page.

  3. In the routing table, click the route.

  4. Above the routing table, click Delete.

Enabling or Disabling an Existing Static Route

  1. From the left navigation panel, click Device.

  2. In the Advanced Routing section, click the Routing Table page.

  3. In the routing table, click the route.

  4. Above the routing table, click Enable or Disable.

Route Monitoring

Above the IPv4 Routing table, click Monitor.

The Route Monitoring window opens.

Every row represents a server that the route probes to and its statistics.

Example:

Next Hop

Route Status

Server

Packet Loss

Failures

Min Latency

Avg. Latency

1.1.1.1

Active

dns.google.com

0

0

4

5.7

Each monitored route can have a maximum of 3 rows (one for each server).

Route Status:

  • Active (green)

  • Inactive (red)

  • Reconnecting (orange)

Above the IPv6 Routing table, click Monitor.

The Route Monitoring window opens.

Every row represents a server that the route probes to and its statistics.

Example:

Next Hop

Route Status

Server

Packet Loss

Failures

Min Latency

Avg. Latency

6:6::81

Active

81:81::81

0

0

4

5.7

Note - The Next Hop is an IPv6 interface.

Each monitored route can have a maximum of 3 rows (one for each server).

Route Status:

  • Active (green)

  • Inactive (red)

  • Reconnecting (orange)