Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Export and Import Rules in a Virtual Router Overview


When the security device has multiple virtual routers, you can enable one VR to learn specified routes in another VR.

  • Use an export rule on the source VR to export specific routes to the destination VR. When exporting routes, a virtual router permits other VRs to learn about its network.

  • Use an import rule on the destination VR to import specific routes from the source VR. Import rules control which routes can be imported; if the destination VR does not contain any import rules, the destination VR accepts all exported routes, however, if you create an import rule, the destination VR accepts only the routes specified in the import rule.

Configuring an export or import rule is similar to configuring a redistribution rule. You configure a route map to specify which routes are to be exported/imported and the attributes of the routes.

You can also configure the trust-vr to automatically export all its route table entries to the untrust-vr, or configure a user-defined virtual router to automatically export routes to other virtual routers. However, this does not necessarily mean that the untrust-vr imports all the routes exported by the trust-vr. If you define import rules for the untrust-vr, only routes that match the import rules are imported.

From ScreenOS 6.3, security devices also support OSPFv3 protocols while importing or exporting rules in a VR.

For instructions on configuring virtual router export and import rules, see the Network and Security Manager Online Help.