Configuring Routes
Context
When configuring intelligent traffic steering on the firewall that functions as the egress device, you need to configure default routes so that users can access the external network, and return routes so that traffic from the external network can be sent back to the internal network. The firewall isolates users requiring service isolation in different security zones through sub-interfaces. Each return route therefore corresponds to one security zone: set its destination network segment to the network segment of the users in that security zone, and set its next-hop IP address to the IP address of the core device that is connected to that security zone.
Data Plan
| Device | Destination IP/Mask | Next-Hop IP | Other Parameters | Description |
|---|---|---|---|---|
| FW-a (master device) | 10.1.1.0/24 | 192.168.5.3 | Default | Configure a static route destined for the network segment where users in the security zone rd_trust reside. |
| FW-a (master device) | 10.1.3.0/24 | 192.168.6.3 | Default | Configure a static route destined for the network segment where users in the security zone market_trust reside. |
| FW-a (master device) | 10.2.0.0/16 | 192.168.7.3 | Default | Configure a static route destined for the network segment where users in the security zone guest_trust reside. |
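A pre-deployment check of the data plan above, as an added example that is not part of the product documentation: it verifies that no two security zones have overlapping return-route destinations or share a next hop, and uses longest-prefix matching to show which zone's route would carry return traffic to a given user address. The function names and `BAD_PLAN` (a constructed misconfiguration with an over-broad guest route) are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Return routes from the Data Plan table: (security zone, destination, next hop).
PLAN = [
    ("rd_trust", "10.1.1.0/24", "192.168.5.3"),
    ("market_trust", "10.1.3.0/24", "192.168.6.3"),
    ("guest_trust", "10.2.0.0/16", "192.168.7.3"),
]

# Constructed misconfiguration: the guest route is widened to 10.0.0.0/8,
# so it also covers the rd_trust and market_trust user segments.
BAD_PLAN = PLAN[:2] + [("guest_trust", "10.0.0.0/8", "192.168.7.3")]


def _parse(plan):
    """Convert the string plan into (zone, network, next-hop address) tuples."""
    return [(z, ipaddress.ip_network(d), ipaddress.ip_address(nh))
            for z, d, nh in plan]


def check_plan(plan):
    """Return a list of findings; an empty list means zones stay separated."""
    findings = []
    for (z1, d1, n1), (z2, d2, n2) in combinations(_parse(plan), 2):
        if z1 == z2:
            continue  # several routes for one zone are not an isolation issue
        if d1.overlaps(d2):
            findings.append(f"overlap: {z1} {d1} and {z2} {d2}")
        if n1 == n2:
            findings.append(f"shared next hop {n1}: {z1} and {z2}")
    return findings


def return_zone(plan, user_ip):
    """Longest-prefix match: zone whose return route would carry traffic to user_ip."""
    ip = ipaddress.ip_address(user_ip)
    matches = [(d.prefixlen, z) for z, d, _ in _parse(plan) if ip in d]
    return max(matches)[1] if matches else None


if __name__ == "__main__":
    print("plan findings:", check_plan(PLAN))
    print("bad plan findings:", check_plan(BAD_PLAN))
    # 10.1.2.9 belongs to no planned segment, yet the /8 sends it toward guest_trust.
    print("10.1.2.9 under bad plan ->", return_zone(BAD_PLAN, "10.1.2.9"))
```

With the over-broad route, addresses in the planned /24 segments still match their own zone by longest prefix, but any other 10.x address is forwarded to the core interface of guest_trust, which is the kind of drift this check is meant to catch before the routes are entered.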
Procedure
- Choose Network > Route > Static Route. In the Static Route List area, click Add to configure a static route. The following example configures a static route destined for the network segment of RD_VN.