PCNSE Static Routing Guide
1. Static Route Configuration
To configure a static route on a Palo Alto Networks firewall:
- Navigate to Network > Virtual Routers and select the desired virtual router.
- Click on the Static Routes tab.
- Click Add to create a new static route.
- Specify the Destination network (e.g., 192.168.1.0/24).
- Set the Next Hop (e.g., IP address, Next VR, FQDN, None, or Discard).
- Optionally, specify the Interface, Administrative Distance, and Metric.
- Click OK and then Commit the changes.
2. Path Monitoring for Static Routes
Path monitoring ensures that static routes are only active when the specified path is reachable:
- While adding or editing a static route, navigate to the Path Monitoring tab.
- Enable path monitoring and add one or more Monitored Destinations.
- Specify the Source IP for the ICMP pings.
- Set the Ping Interval and Ping Count as needed.
- Choose the Failure Condition (Any or All) and set the Preemptive Hold Time.
- Click OK and then Commit the changes.
When the monitored path fails, the static route is removed from the routing table, allowing alternative routes to be used.
3. Administrative Distance
Administrative distance (AD) determines the trustworthiness of a route source. Lower AD values are preferred:
- Static routes: 10 (default)
- OSPF: 110
- BGP: 20 (eBGP), 200 (iBGP)
- RIP: 120
Adjusting the AD allows for route preference manipulation, such as using static routes as backups to dynamic routes.
4. Policy-Based Routing (PBR)
PBR allows for routing decisions based on policies rather than solely on the routing table:
- Navigate to Policies > Policy Based Forwarding and click Add.
- Define the Source Zone, Source Address, and other match criteria.
- Specify the Forwarding action, such as the egress interface and next hop.
- Optionally, enable Monitor to track the health of the path.
- Click OK and then Commit the changes.
PBR is useful for directing specific traffic through desired paths, overriding the default routing behavior.
5. Interaction Between Static Routes and PBR
When both static routes and PBR are configured:
- PBR rules are evaluated before the routing table.
- If a packet matches a PBR rule, it follows the specified forwarding path.
- If no PBR rule matches, the packet is routed based on the routing table.
It's important to ensure that PBR rules are carefully crafted to avoid unintended routing behaviors.
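The following added example (not PAN-OS code and not part of the original guide) is a simplified Python model of the decision order described in sections 2, 3 and 5: path-monitored static routes are withdrawn on failure, the lowest administrative distance wins per prefix, and PBF rules are checked before the routing table. The class and function names, the addresses and the source-only PBF match are assumptions made for illustration; the AD values 10 and 110 are the ones listed in section 3.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Route:
    dest: str             # destination prefix, e.g. "10.20.0.0/16"
    next_hop: str
    ad: int = 10          # administrative distance (static default from section 3)
    metric: int = 10
    monitors: dict = field(default_factory=dict)  # monitored IP -> reachable?
    fail_on: str = "any"  # failure condition: "any" or "all"

    def path_up(self):
        """Apply the Any/All failure condition; unmonitored routes stay eligible."""
        down = [not ok for ok in self.monitors.values()]
        return not down or not (any(down) if self.fail_on == "any" else all(down))

def build_fib(rib):
    """Per prefix, keep the eligible route with the lowest (AD, metric)."""
    best = {}
    for r in rib:
        if not r.path_up():
            continue      # failed monitor: route is withdrawn from the table
        net = ipaddress.ip_network(r.dest)
        if net not in best or (r.ad, r.metric) < (best[net].ad, best[net].metric):
            best[net] = r
    return best

def forward(src_ip, dst_ip, pbf_rules, fib):
    """PBF rules are checked first; on no match, longest-prefix match in the FIB."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule_src, rule_next_hop in pbf_rules:
        if src in ipaddress.ip_network(rule_src):
            return ("pbf", rule_next_hop)
    matches = [n for n in fib if dst in n]
    if not matches:
        return ("drop", None)
    return ("fib", fib[max(matches, key=lambda n: n.prefixlen)].next_hop)

# Constructed sample data (documentation and private address ranges only).
def demo_rib(isp1_ok=True):
    return [
        Route("0.0.0.0/0", "203.0.113.1", monitors={"198.51.100.10": isp1_ok}),
        Route("0.0.0.0/0", "192.0.2.1", ad=20),      # backup static, higher AD
        Route("10.20.0.0/16", "10.0.0.2", ad=110),   # learned via OSPF
        Route("10.20.0.0/16", "10.0.0.9", ad=150),   # static raised above OSPF's AD
    ]
PBF = [("10.1.50.0/24", "192.0.2.1")]  # source-only rule: guest subnet exits via ISP2
```

In this model, forward("10.1.50.7", "10.20.3.4", PBF, build_fib(demo_rib())) returns the PBF next hop even though the routing table holds a more specific internal route. A broad match criterion produces exactly this kind of unintended path.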
6. Monitoring and Troubleshooting
To monitor and troubleshoot static routes:
- Use the Routing Table and Forwarding Table under Network > Virtual Routers to view active routes.
- Check the System Logs for path monitoring events such as path-monitor-failure and path-monitor-recovery.
- Utilize the CLI commands like show routing route and show routing fib for detailed route information.
8. Additional Best Practices
- Use Descriptive Naming: Assign clear and descriptive names to static routes to simplify management and troubleshooting.
- Regularly Review Routes: Periodically audit static routes to ensure they are still necessary and correctly configured.
- Document Changes: Maintain documentation of static route configurations and any changes made for future reference and compliance.
- Implement Redundancy: Where possible, configure redundant static routes with appropriate administrative distances to provide failover capabilities.
- Monitor Route Performance: Utilize monitoring tools to track the performance and availability of static routes, enabling prompt detection of issues.
9. Interaction with Other Routing Protocols
Static routes can coexist with dynamic routing protocols. Understanding their interaction is crucial:
- Administrative Distance: Static routes typically have a lower administrative distance than dynamic routes, making them preferred unless adjusted.
- Backup Routes: By increasing the administrative distance of a static route, it can serve as a backup to dynamic routes.
- Route Redistribution: Static routes can be redistributed into dynamic routing protocols if necessary, but care must be taken to avoid routing loops.
10. Conclusion
Proper configuration and management of static routes are essential for network stability and performance. By adhering to best practices and understanding their interaction with other routing mechanisms, administrators can ensure efficient and reliable network routing.