Composition of the static route on a firewall

1

On the firewall, run the ip route-static command to configure a static route, including:
-Destination address and mask
-Outbound interface and next-hop address

Other related questions:
Whether the firewall supports static routing backups.
The firewall does not support static route backup.

Whether the firewall supports static route backup
The firewall does not support static route backup.

Method used to configure the static route on USG firewalls
The method used to configure the static route on USG firewalls is as follows: For example: ip route-static 1.1.1.0 255.255.255.0 1.1.5.1 //ip rout-static indicates the static route, 1.1.1.0 indicates the destination address, 255.255.255.0 indicates the mask, and 1.1.5.1 indicates the next-hop address.

Is the static route affected if the BFD for the static route is in AdminDown state
The static route is not affected. The static route is invalid only when the BFD detects a link fault.

Situation in which an outbound interface is specified for the static route of the firewall
Note the following when specifying the outbound interface for the static route of a firewall: 1. For the point-to-point interface, if you specify the outbound interface, it is considered that the next-hop address is specified, that is, the peer interface address. If the Point-to-Point Protocol (PPP) is encapsulated for the POS, the peer IP address is obtained through PPP negotiation. In this situation, you only need to specify the outbound interface instead of the next-hop address. 2. Non Broadcast Multiple Access (NBMA) interfaces (such as ATM interfaces) support the point-to-multipoint network. In this situation, in addition to the IP route, you need to map the IP address with the link-layer address on the link layer. You must configure the next-hop IP address. 3. If you set the broadcast interface (such as the Ethernet interface) and virtual-template (VT) interface as the outbound interfaces when configuring the static route, you must specify the next-hop address. Because the Ethernet interface is a broadcast interface and the VT interface is associated with multiple virtual access interfaces, multiple next hops exist. The next hop cannot be identified. In the application, you must specify the broadcast interface (such as the Ethernet interface) or VT interface as the outbound interface. You are suggested to specify the next-hop address corresponding to the outbound interface.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top