Configuring Routes
Context
On the firewall that functions as the egress device, you need to configure default routes for users to access the external network when configuring intelligent traffic steering. In addition, you need to configure return routes to ensure that traffic returned by the external network can be sent back to the internal network. The firewall isolates users requiring service isolation in different security zones through sub-interfaces. Therefore, when configuring a return route (corresponding to a security zone), you need to set the destination network segment of the return route to the network segment of users in the security zone, and set the next-hop IP address of the return route to the IP address of the core device that is connected to the security zone.
Plan Example
Device |
Destination IP/Mask |
Next Hop |
Other Parameters |
Remarks |
|---|---|---|---|---|
FW-a (master device) |
10.0.0.0/24 |
192.168.11.4 |
Default |
Configure a static route for the users belonging to the security zone gw1. |
10.1.0.0/24 |
192.168.12.4 |
Default |
Configure a static route for the users belonging to the security zone gw2. |
Procedure
- Choose Network > Route > Static Route. In the Static Route List area, click Add to configure a static route.
