Virtual Routers Overview
A security device can divide its routing component into two or more virtual routers. A virtual router supports static routing, dynamic routing protocols, and multicast protocols, which you can enable simultaneously in one virtual router. A security device can contain the following types of virtual routers (VRs):
- Predefined Virtual Routers—Each security device contains two predefined virtual routers:
  - trust-vr—By default, contains all predefined security zones and any user-defined zones.
  - untrust-vr—By default, does not contain any security zones.

  You cannot delete the trust-vr or untrust-vr predefined virtual routers.
- Custom Virtual Routers—On some security devices, you can create and configure additional custom virtual routers.
You can define multiple VRs, but trust-vr is the default VR. By default, all predefined and custom security zones (and all interfaces bound to those security zones) are bound to the trust-vr virtual router. To bind a security zone to the untrust-vr or to a custom VR, you must first unbind all interfaces from the zone. For a virtual system (vsys), you can select a virtual router to be the default router for the vsys.
The management virtual router supports out-of-band management and segregates firewall management traffic from production traffic. This feature is disabled by default; to enable it, set a virtual router as the management virtual router.