11.2.3.1. Default route setting

Operation Confirmed Version:
 vSRX Version15.1X49-D105.1
For vSRX , default route settings can be made. The default route is a static route for which the next hop address for transmission is preset when packets whose destinations are not present in a routing table are received and forwarded.

Note

  • The default gateway can be set with the customer portal only when Firewall is created.

  • Except when the Firewall is created, IP address setting to the Firewall (vSRX) through the customer portal/API is not made. Therefore, change the setting through vSRX portal/API/CLI, based on the design of the customer.

Setting the default route

Make settings for the default route.

Presumed case for sample setting

  • To enable communications of packets addressed to an external network (Internet) and received by vSRX02, with the default route settings.

Note

Assume that routing settings have been properly made on devices which are present on the route.

Configuration diagram

Setting flow in a presumed case

1.Set the adjacent address 10.0.0.254 of vSRX-02 as Next-hop.

Command to be entered with CLI

[edit]
user01@vSRX-02# set routing-options static route 0.0.0.0/0 next-hop 10.0.0.254

The configuration after completion of appropriate settings is as follows.

user01@vSRX-02> show configuration routing-options
static {
    route 0.0.0.0/0 next-hop 10.0.0.254;
}

Operation check result

The verification result log below allowed to confirm that the setting of the default route (0.0.0.0/0) has been made properly. Success of communications from vSRX-02 in the verification configuration diagram to server (X.X.X.X) on the Internet designates that the default route has been set properly.

Checking the setting of the default route, with the routing table of vSRX-02

user01@vSRX-02> show route

inet.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/5] 00:00:02
                    > to 10.0.0.254 via fxp0.0
10.0.0.0/24        *[Direct/0] 1w3d 03:03:06
                    > via fxp0.0
10.0.0.102/32      *[Local/0] 1w3d 03:03:06
                      Local via fxp0.0
192.168.1.0/24     *[Direct/0] 1w3d 03:02:59
                    > via ge-0/0/0.0
192.168.1.102/32   *[Local/0] 1w3d 03:03:01
                      Local via ge-0/0/0.0
192.168.2.0/24     *[Direct/0] 00:02:13
                    > via ge-0/0/1.0
192.168.2.102/32   *[Local/0] 00:02:13
                      Local via ge-0/0/1.0
192.168.3.0/24     *[Direct/0] 1w3d 03:02:59
                    > via ge-0/0/2.0
192.168.3.102/32   *[Local/0] 1w3d 03:03:01
                      Local via ge-0/0/2.0
192.168.4.0/24     *[Direct/0] 1w0d 00:16:52
                    > via ge-0/0/3.0
192.168.4.102/32   *[Local/0] 1w3d 03:03:01
                      Local via ge-0/0/3.0
224.0.0.5/32       *[OSPF/10] 1w3d 03:03:07, metric 1
                      MultiRecv

user01@vSRX-02>

Checking communications from vSRX-02 (10.0.0.102) to server (X.X.X.X) on the Internet

user01@vSRX-02> ping X.X.X.X rapid
PING X.X.X.X (X.X.X.X): 56 data bytes
!!!!!
--- X.X.X.X ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 4.544/5.808/8.920/1.592 ms

user01@vSRX-02>

Note

The destination IP address for ping was masked because it is an actual Internet-side IP address.