Network technologies and trends

Dec 24 2015   6:15AM GMT

How to configure a static route in Palo Alto Firewall?

Yasir Irfan

Tags:
Administrator
Default route
Ethernet
Firewalls
HA
Interface
Layer 2
LAYER3
Loopback
Palo Alto Networks
Static route
tunnel
VLAN

In one of my previous posts we discussed the Palo Alto Networks Firewall Virtual Router, how it works and what kind of protocols it is capable of supporting. Configuring a static route in the Palo Alto Firewall Virtual Router is quite simple; in this post let's see how we can configure one.

We will be using the following topology for our example:

Palo Alto in V Router

We have a LAN with the subnet 172.16.32.0, which is the trust zone, and it will be accessing the Internet via the network 192.168.1.0, which is the untrust zone.

In order to allow Internet access, you should ensure that there is a default route toward the Internet gateway 192.168.1.1 and that the Palo Alto Layer 3 interfaces of both the trust and untrust zones are configured with the following:

IP Address

Security-Zone

Virtual Router

PA VR- 1

In order to configure a default route in the Palo Alto Networks Firewall, we need to do the following:

Step 1: Go to Network > Virtual Routers

Click Virtual Routers > default > Static Routes > Add

PA VR 2

(The Palo Alto firewall comes with a virtual router named default; if you want, you can create a new virtual router and name it according to your needs.)

Step 2: Configure the default route towards the Internet gateway IP address as shown below.

PA VR 3

In our case, any traffic sourced from the trust zone will be sent to the Internet router IP address as its default gateway.

PA VR 4

We will name the route Static Route.

The Destination field will be 0.0.0.0/0, as any traffic that doesn't have a specific route will be forwarded to the Internet gateway.

Select the IP Address radio button in the Next Hop field.

Enter the IP address and mask 192.168.1.1/24

Click OK and save the configuration.

Make sure you configure a security policy to allow the traffic from the trust zone to the untrust zone, as shown below.

PA VR 5

You can see that from my laptop, with the IP address 172.16.32.2, I can ping the Internet gateway 192.168.1.1 and can also access the Internet.

PA VR 6

As you can see, it is very easy to configure a static route in the Palo Alto Firewall, and one can see the routing table as shown below.

PA VR 7
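To make the resulting routing table concrete, here is an added example (not from the original post and not Palo Alto code) that models the table for this topology, performs the longest-prefix-match lookup that sends unmatched traffic to 0.0.0.0/0, and checks that a static route's next hop sits on a connected subnet. The /24 mask on the trust LAN, the interface names ethernet1/1 and ethernet1/2, and the sample destination 203.0.113.10 are assumptions.

```python
import ipaddress
from typing import NamedTuple, Optional

class Route(NamedTuple):
    destination: str
    next_hop: Optional[str]   # None for directly connected networks
    interface: str
    kind: str                 # "connected" or "static"

# Constructed table modelled on the post's topology. The /24 mask on the trust
# LAN and the interface names are assumptions; they are not given in the post.
ROUTES = [
    Route("172.16.32.0/24", None, "ethernet1/2", "connected"),   # trust
    Route("192.168.1.0/24", None, "ethernet1/1", "connected"),   # untrust
    Route("0.0.0.0/0", "192.168.1.1", "ethernet1/1", "static"),  # default route
]

def lookup(dst, routes=ROUTES):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in ipaddress.ip_network(r.destination)]
    return max(matches, key=lambda r: ipaddress.ip_network(r.destination).prefixlen,
               default=None)

def check_static_routes(routes=ROUTES):
    """Report static routes whose next hop is not on a connected subnet."""
    connected = [ipaddress.ip_network(r.destination)
                 for r in routes if r.kind == "connected"]
    problems = []
    for r in routes:
        if r.kind != "static":
            continue
        hop = ipaddress.ip_address(r.next_hop)
        if not any(hop in net for net in connected):
            problems.append(f"{r.destination}: next hop {r.next_hop} is unreachable")
    return problems

if __name__ == "__main__":
    for dst in ("172.16.32.2", "192.168.1.1", "203.0.113.10"):  # constructed samples
        r = lookup(dst)
        print(f"{dst:>14} -> {r.destination:<15} via {r.next_hop or 'connected'} ({r.interface})")
    print(check_static_routes() or "all static next hops are on connected subnets")
```

A default route whose next hop is not on any connected subnet is reported by check_static_routes, which is the usual reason a newly added default route does not pass traffic.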
