
20-Virtual Routers (VR)

Uploaded by

Shaad Khan

Virtual Routers:

o Routing traffic between different networks requires a router.
o Palo Alto Networks firewalls are capable of routing traffic between networks.
o The firewall uses the concept of “Virtual Routers” to route traffic, whether by static or dynamic routing.
o A Virtual Router uses virtualized (partitioned) routing tables to do the routing job.
o The firewall uses virtual routers to obtain routes and uses the best route to populate its routing table.
o The PA firewall supports dynamic routing protocols such as RIPv2, OSPF and BGPv4.
o Palo Alto Networks NG firewalls come with a Virtual Router named default.
o The default VR can be used for routing, provided the Layer 3 interfaces or VLANs are part of it.
o You can also create a new Virtual Router, name it, and use it for both static and dynamic routing.
o In a Palo Alto firewall Layer 3 deployment, the firewall routes traffic between ports.
o Each Layer 3 interface, loopback interface and VLAN interface must be associated with a Virtual Router.
o On a Palo Alto Networks firewall, each interface can belong to only one Virtual Router.
o An IP address must be assigned to each interface, and a virtual router must be defined to route traffic.
o The PA firewall can have multiple virtual routers, each maintaining a separate set of routes.
o In addition to adding static routes, a virtual router can be configured to participate in dynamic routing.
o Virtual Routers are used for Layer 3 IP routing and also support one or more static routes.

1 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , Mobile: 056 430 3717


Network > Virtual Routers > Router Settings > General

Settings                  Description
Name                      Specify a name to describe the Virtual Router.
Interfaces                Select the interfaces that you want to include in the Virtual Router.
Administrative Distances  Specify the administrative distances.

Administrative Distances

Route type      Range    Default
Static Routes   10-240   10
OSPF Internal   10-240   30
OSPF External   10-240   110
IBGP            10-240   200
EBGP            10-240   20
RIP             10-240   120

Network -> Virtual Routers -> Add -> type the name “VR-WAN” -> click OK



Let’s configure a static route. I will route all traffic to the ISP (default route), assuming that the ISP
router IP address is 192.168.17.2.
Static Routes -> Add
Type a name, select the Interface (ethernet1/1) and the Next Hop, and keep the default Metric of 10.
Click “Commit” for the changes to take effect.



Settings              Description

Name                  Enter a name to identify the static route.

Destination           Enter an IP address and network mask in Classless Inter-Domain
                      Routing (CIDR) notation, for example 192.168.2.0/24.

Interface             Select the interface to forward packets to the destination, or
                      configure the next hop settings, or both.

Next Hop              Select one of the following:
                      o IP Address: Select to enter the IP address of the next hop router.
                      o Next VR: Select to choose a virtual router in the firewall as the
                        next hop, to route internally between virtual routers within a
                        single firewall.
                      o Discard: Select if you want to drop traffic that is addressed to
                        this destination.
                      o None: Select if there is no next hop for the route.

Admin Distance        Specify the administrative distance for the static route
                      (10-240; default is 10).

Metric                Specify a valid metric for the static route (1 - 65535).

Route Table           Select the route table into which the firewall installs the static
                      route:
                      o Unicast: Installs the route into the unicast route table.
                      o Multicast: Installs the route into the multicast route table.
                      o Both: Installs the route into the unicast and multicast route
                        tables.
                      o No Install: Does not install the route in the route table (RIB).

BFD Profile           To enable Bidirectional Forwarding Detection (BFD) for the static
                      route, select one of the following:
                      o default (default BFD settings)
                      o A BFD profile that you have created on the firewall
                      o New BFD Profile, to create a new BFD profile
                      Select None (Disable BFD) to disable BFD for the static route.
                      To use BFD on a static route:
                      o Both the firewall and the peer at the opposite end of the static
                        route must support BFD sessions.
                      o The static route Next Hop type must be IP Address, and you must
                        enter a valid IP address.
                      o The Interface setting cannot be None; you must select an interface.

Path Monitoring       Select to enable path monitoring for the static route.

Failure Condition     Select the condition under which the firewall considers the
                      monitored path down and thus the static route down:
                      o Any: If any one of the monitored destinations for the static
                        route is unreachable by ICMP.
                      o All: If all of the monitored destinations for the static route
                        are unreachable by ICMP.
                      Select All to avoid the possibility of a single monitored
                      destination signaling a static route failure when that monitored
                      destination is simply offline for maintenance, for example.

Preemptive Hold       Enter the number of minutes a downed path monitor must remain in
Time (min)            Up state. Range is 0-1,440; default is 2.

Name                  Enter a name for the monitored destination.

Enable                Select to enable path monitoring of this specific destination for
                      the static route; the firewall sends ICMP pings to this destination.

Source IP             Select the IP address that the firewall will use as the source in
                      the ICMP ping to the monitored destination:

Destination IP        Enter the IP address for which the firewall will monitor the path.

Ping Interval (sec)   Specify the ICMP ping interval in seconds to determine how
                      frequently the firewall monitors the path. Range is 1-60;
                      default is 3.

Ping Count            Specify the number of consecutive ICMP ping packets that do not
                      return from the monitored destination before the firewall
                      considers the link down.
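
The Any/All failure condition and the Ping Count setting from the table above, worked through as an added example (not code from the original document or from Palo Alto Networks). The class and function names, the ping histories and the 198.51.100.x addresses are constructed for illustration, and treating a route with no enabled destinations as up is an assumption.

```python
from dataclasses import dataclass

@dataclass
class MonitoredDestination:
    name: str
    destination_ip: str
    enabled: bool
    ping_count: int   # consecutive unanswered pings before the path counts as down
    replies: list     # constructed ping history, oldest first; True = reply received

def destination_down(dest):
    """Down only when the latest `ping_count` pings in a row all went unanswered."""
    recent = dest.replies[-dest.ping_count:]
    return len(recent) == dest.ping_count and not any(recent)

def static_route_down(destinations, failure_condition):
    """Apply the Any / All failure condition across the enabled destinations."""
    if failure_condition not in ("any", "all"):
        raise ValueError("failure_condition must be 'any' or 'all'")
    states = [destination_down(d) for d in destinations if d.enabled]
    if not states:    # assumption: with nothing monitored, the route stays up
        return False
    return any(states) if failure_condition == "any" else all(states)

# Constructed sample: the ISP next hop from this page still answers (one lost ping),
# while a second monitored host is powered off for maintenance.
ISP_GATEWAY = MonitoredDestination("isp-gw", "192.168.17.2", True, 3,
                                   [True, True, False, True, True])
MAINT_HOST = MonitoredDestination("remote-probe", "198.51.100.10", True, 3,
                                  [True, False, False, False])
DISABLED = MonitoredDestination("old-probe", "198.51.100.20", False, 3,
                                [False, False, False])

if __name__ == "__main__":
    for condition in ("any", "all"):
        down = static_route_down([ISP_GATEWAY, MAINT_HOST, DISABLED], condition)
        print(f"failure condition {condition!r}: static route down = {down}")
```

With Any, the single host under maintenance withdraws the default route; with All, the route stays installed until the ISP gateway also stops answering.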

More Runtime Stats for a Virtual Router:


After configuring static routes or routing protocols for a virtual router, select Network > Virtual
Routers, and select More Runtime Stats in the last column to see detailed information about
the virtual router, such as the route table, forwarding table, and the routing protocols and
static routes you configured.



Route Table Flags and Description

Flags   Description
A B     Active and learned via BGP
A C     Active and a result of an internal interface (connected) - Destination = network
A H     Active and a result of an internal interface (connected) - Destination = Host only
A R     Active and learned via RIP
A S     Active and Static
S       Inactive (because this route has a higher metric) and static
O1      OSPF external type-1
O2      OSPF external type-2
Oi      OSPF intra-area
Oo      OSPF inter-area
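
How the administrative distances and the route table flags fit together, as an added example (not code from the original document or from PAN-OS): for each prefix the candidate with the lowest administrative distance, then the lowest metric, becomes the active route, and lookups use the longest matching active prefix. The function names, protocol keys, the "A " prefix on flag strings and all sample routes except 192.168.17.2 and 192.168.2.0/24 are assumptions made for illustration.

```python
import ipaddress

# protocol: (default administrative distance from this page, route-table flag)
PROTOCOLS = {
    "static": (10, "S"), "ebgp": (20, "B"), "ospf-intra": (30, "Oi"),
    "ospf-ext1": (110, "O1"), "rip": (120, "R"), "ibgp": (200, "B"),
}

def build_route_table(candidates):
    """candidates: list of (prefix, protocol, metric, next_hop).
    Per prefix the lowest (admin distance, metric) pair wins and gets the A flag."""
    winner = {}
    for i, (prefix, proto, metric, _) in enumerate(candidates):
        net = ipaddress.ip_network(prefix)
        rank = (PROTOCOLS[proto][0], metric)
        if net not in winner or rank < winner[net][0]:
            winner[net] = (rank, i)   # ties keep the first candidate (no ECMP modelled)
    rows = []
    for i, (prefix, proto, metric, next_hop) in enumerate(candidates):
        net = ipaddress.ip_network(prefix)
        flag = ("A " if winner[net][1] == i else "") + PROTOCOLS[proto][1]
        rows.append((str(net), next_hop, metric, flag))
    return rows

def lookup(rows, address):
    """Longest-prefix match over active routes only; None if nothing matches."""
    ip = ipaddress.ip_address(address)
    hits = [r for r in rows
            if r[3].startswith("A ") and ip in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen, default=None)

# Constructed candidates; only 192.168.17.2 and 192.168.2.0/24 appear on this page.
SAMPLE_CANDIDATES = [
    ("0.0.0.0/0", "static", 10, "192.168.17.2"),      # default route to the ISP
    ("0.0.0.0/0", "static", 50, "192.168.17.254"),    # backup with a higher metric
    ("192.168.2.0/24", "rip", 2, "10.0.0.2"),
    ("192.168.2.0/24", "ospf-intra", 20, "10.0.0.3"),
]

if __name__ == "__main__":
    table = build_route_table(SAMPLE_CANDIDATES)
    for row in table:
        print("%-18s %-16s %-6s %s" % row)
    print("8.8.8.8 ->", lookup(table, "8.8.8.8"))
```

The RIP route loses to OSPF despite its smaller metric because administrative distance is compared first; the metric only decides between routes of equal distance, as with the two static defaults.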

Forwarding Table Flags and Description

Flags   Description
u       Route is up.
h       Route is to a host.
g       Route is to a gateway.
e       Firewall selected this route using Equal Cost Multipath.
*       Route is the preferred path to a destination network.
ug      Route is up and a gateway.
uh      Route is up and a host.
