Prior to this feature, there was no
inherent mechanism to determine whether the route was up or down, and routes remain in the routing table
even if the next-hop gateway becomes unavailable. The only exception was that if the associated interface on
the firewall went down, the routes were removed from the routing table.
The static route tracking feature provides the capability to install backup routes dynamically when the primary
route fails.
This feature is also useful to define multiple default routes. An example is defining a primary default route to an
ISP gateway and a backup default route to a secondary ISP in case the primary ISP becomes unavailable. Static
route tracking can also be enabled for static or default routes obtained through Dynamic Host Configuration
Protocol (DHCP) or Point-to-Point Protocol over Ethernet (PPPoE).
This feature works by associating a static route with a predefined monitoring target. The Security Appliance
monitors the target by using Internet Control Message Protocol (ICMP) echo request packets. In response, if an
ICMP echo-reply message is not received within a specified period, the object is considered down, and the
associated static route is removed from the routing table.
Pages:
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279