About Dynamic Routing
To use dynamic routing, the Firebox must be configured in mixed routing mode.
Dynamic Routing Protocols
Fireware supports the RIP v1, RIP v2, and RIPng protocols. Fireware with a Pro upgrade supports the RIP v1, RIP v2, RIPng, OSPF, OSPFv3, and BGP v4 protocols.
- For IPv4 dynamic routing, you must use RIP, OSPF or BGP.
- For IPv6 dynamic routing, you must use RIPng, OSPFv3, or BGP.
For more information about each of the supported routing protocols, see:
- About Routing Information Protocol (RIP and RIPng)
- About Open Shortest Path First (OSPF and OSPFv3) Protocol
- About Border Gateway Protocol (BGP)
In Fireware v12.9 or higher, Fireware uses the Free Range Routing (FRR) routing engine, which replaces Quagga. If your configuration includes Quagga commands for dynamic routing, those commands work after you upgrade. Some FRR commands appear in a different section than in Quagga.
In Fireware v12.8.x or lower, Fireware uses the Quagga routing software suite v1.2.4, which supports most routing commands available in more recent versions of Quagga.
Dynamic Routing Policies
When you enable a dynamic routing protocol, the required dynamic routing policy is automatically created. The automatically added policies are called:
In Fireware v12.9 or higher, you can use a simplified implementation of bidirectional forwarding (BFD). You must configure a firewall policy for BFD traffic and enable BFD in the OSPF or BGP configuration on your Firebox. For information about how to implement BFD, see Bidirectional Forwarding.
Monitor Dynamic Routing
When you enable dynamic routing, you can see the current dynamic routes on the Status Report tab in Firebox System Manager.
In Fireware Web UI, select System Status > Routes to see the current static and dynamic routes.
For a FireCluster, the dynamic routes appear on the cluster master.
For more information about how to read the route tables in the Status Report, see Read the Firebox Route Tables.
To troubleshoot dynamic routing, you can change the diagnostic log level setting for dynamic routing to generate more log messages about dynamic routing traffic. You do this in the diagnostic log level settings for the Networking category. For more information about how to set the diagnostic log level, see Set the Diagnostic Log Level.
By default, routes remain installed when the next hop interface is down. In Fireware v12.9 or higher, you can specify a CLI command to automatically uninstall routes when the next hop interface is down:
WG(config)#global-setting routing-link-detect enable
This setting is available only in the Fireware CLI and is disabled by default.
Default Route Distance
If your Firebox has only one external interface (single WAN), the default route distance (metric) is 5. If your Firebox has more than one external interface (multi-WAN), the default route distance is 20 for an external interface that does not participate in multi-WAN.
For an external interface that participates in multi-WAN, the default route distance depends on the multi-WAN configuration:
|Multi-WAN Method||Default Route Distance (Metric)|
|Failover (secondary external interface)||11|
For each additional secondary external interface, increase the distance value by 1. For example, if you have three secondary external interfaces, the distances are 11, 12, and 13.
For more information about the route table, see Read the Firebox Route Tables.