Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

Add a unicast route

You can configure the firewall to forward IPv4 and IPv6 unicast traffic.

Add a route

To add a unicast route, do as follows.

  1. Go to Routing > Static routes.
  2. Under IPv4 unicast route, click Add.
  3. Specify the destination IP address and subnet. You can enter an IP or network address.
  4. Under Gateway IP, enter the IP address of the next hop or gateway router to route packets to the destination IP address.
  5. Under Interface, select the interface through which traffic must exit.

    The firewall first matches the interface, then the gateway that can reach the destination.

    You can also select Blackhole to drop all traffic without notifying the source. If dynamic routing protocols, such as RIP, OSPF, and BGP, are configured to redistribute static routes, blackhole static routes also get redistributed. To avoid this, filter the blackhole static routes for each dynamic routing protocol.

    Note

    ARP requests are sent to identify the interface over which the destination IP address behind the peer RED is reachable. To make sure these requests reach the destination network, don't select an interface. Under Gateway, enter the IP address of the peer RED interface.

  6. Under Administrative distance, enter a number. It determines the best route among the different routing protocols. Lower numbers carry higher priority. For example, the firewall tries to send traffic over a route with a distance of 1 rather than 5.

  7. Under Metric, enter a number. It determines the best route among static routes.

    Note

    To load-balance traffic to a destination over static IPv4 unicast routes, make sure the routes have the same administrative distance and metric values.

  8. Optional: Under Description, enter a route description.

  9. Click Save.
  1. Go to Routing > Static routes.
  2. Under IPv6 unicast route, click Add.
  3. Enter the destination IP address and prefix. You can enter an IP or network address.
  4. Under Gateway IP, enter the IP address of the next hop or gateway router to route packets to the destination IP address.
  5. Under Interface, select the interface through which traffic must exit. The firewall first checks the interface and then the gateway.

    Note

    ARP requests are sent to identify the interface over which the destination IP address behind the peer RED is reachable. To make sure these requests reach the destination network, don't select an interface. Under Gateway, enter the IP address of the peer RED interface.

  6. Under Metric, enter a number. It determines the best route among static routes.

  7. Click Save.

Useful information

  • If an interface or tunnel restarts, the route table only shows interface routes, that is, static routes for which you selected an interface.
  • Gateway routes appear when the firewall matches traffic with the destination address and gateway, then selects an interface to route it through.