Technical Documentation

Virtual Router ID

A unique identifier used to communicate with other routing devices. The identifier can be in the form of a dotted decimal notation, like an IP address, or an integer value. If you do not configure a specific virtual router ID before enabling a dynamic routing protocol, the device automatically selects the highest IP address of the active interfaces in the VR for the router identifier.

Maximum Number of Routes

The maximum number of routing table entries that can be allocated for a specific virtual router. The maximum number of route entries available depends upon the security device and the number of virtual routers configured on the device. Setting the maximum number of route entries in a VR helps prevent one virtual router from using up all the entries in the system.

Maximum Equal Cost Routes Supported (ScreenOS 5.1 and later only)

The maximum equal cost multi-path (ECMP) routes used by the virtual router. You might want to use ECMP when load balancing to enable the route lookup to select a different route each time the route is invoked. This setting controls how many ECMP routes the route lookup can use; you can configure one to four ECMP routes for each virtual router. For example, when this setting is three and the number of available ECMP routes is five, the route lookup uses only the first three ECMP entries in the routing table (in roundsrobin fashion) for the virtual router.

Route Lookup Preference (ScreenOS 5.1 and later only)

Configure the order in which route lookup occurs. By default, route lookup uses the following sequence: SIBR routes (preferred value 3), source-based routes (preferred value 2), destination-based routes (preferred value 1). To change this sequence, configure the values for each preference from 1 to 255; the higher the value, the more preferred the route.

Shared VR

You can make the VR accessible from any virtual system (vsys) on the device. By default, only the untrust-vr is a shared VR that is accessible by any vsys. You can configure other root-level VRs to be sharable.

Route Exporting

(For the trust-vr only) You can enable or disable automatic route exporting to the untrust-vr for interfaces configured in Route mode.

Consider Active Routes

You can direct the virtual router to consider active routes on inactive interfaces for redistribution or export. By default, only active routes defined on active interfaces can be redistributed to other protocols or exported to other virtual routers.

SNMP Private Traps

You can specify the use of SNMP private traps for managing virtual router objects, including objects in the dynamic routing MIB. This option is only available for the default root-level virtual router.

Ignore Overlapping Subnets

You can direct the virtual router to ignore overlapping subnet addresses for interfaces in the virtual router. By default, you cannot configure overlapping subnet IP addresses on interfaces in the same virtual router.

Next Hop

(For the trust-vr only) You can direct the virtual router to use the untrust-vr as the next hop for the default route.