Configuring Routing in SonicOS Enhanced

If you have routers on your interfaces, you can configure the SonicWALL appliance to route network traffic to specific predefined destinations. Static routes must be defined if the network connected to an interface is segmented into subnets, either for size or practical considerations. For example, a subnet can be created to isolate a section of a company, such as finance, from network traffic on the rest of the LAN, DMZ, or WAN.

To add static routes, complete the following steps:

Expand the Network tree and click Routing. The Routing page displays.

Click Add Route Policy.

Select the source address object from the Source list box.

Select the destination address object from the Destination list box.

Specify the type of service that is routed from the Service list box.

Select the address object that acts as a gateway for packets matching these settings.

Select the interface through which these packets are routed from the Interface list box.

Specify the RIP metric in the Metric field.

Type a descriptive comment into the Comment field.

For appliances running SonicOS Enhanced 4.0 and above, optionally select Disable route when the interface is disconnected.

For appliances running SonicOS Enhanced 4.0 and above, select Allow VPN path to take precedence to allow a matching VPN network to take precedence over the static route when the VPN tunnel is up.

For appliances running SonicOS Enhanced 6.1 and above, select Permit TCP Acceleration to allow accelerated TCP traffic to pass through the SonicWall appliance.

Click the Probe drop-down menu and select a probe type.

Click Disable route when probe succeeds.

Click Probe default state is UP.

To configure the routing policy advanced settings, click the Advanced tab.

Enter the ToS hexadecimal value in the TOS text-field.

Enter the ToS Mask hexadecimal value in the TOS Mask text-field.

Enter a value for the Admin Distance, or select Auto for an automatically created Admin Distance.

When you are finished, click Update. The route settings are configured for the selected SonicWALL appliance(s). To clear all screen settings and start over, click Reset.

Probe-Enabled Policy Based Routing Configuration

For appliances running SonicOS Enhanced 5.5 and above, you can optionally configure a Network Monitor policy for the route. When a Network Monitor policy is used, the static route is dynamically disabled or enabled, based on the state of the probe for the policy.

Policy Based Routing is fully supported for IPv6 by selecting IPv6 address objects and gateways for route policies on the Network > Routing page. IPv6 address objects are listed in the Source, Destination, and Gateway columns of the Route Policies table. Configuring routing polices for IPv6 is nearly identical to IPv4.

Complete the following to configure a policy based route:

In the Probe pull-down menu select the appropriate Network Monitor object or select Create New Network Monitor object... to dynamically create a new object. For more information, see Configuring Network Monitor .

Typical configurations do not have Disable route when probe succeeds checked because typically administrators will want to disable a route when a probe to the route’s destination fails. This option is provided to give administrators added flexibility for defining routes and probes.

Select the Probe default state is UP to have the route consider the probe to be successful (such as in the “UP” state) when the attached Network Monitor policy is in the “UNKNOWN” state. This is useful to control the probe-based behavior when a unit of a High Availability pair transitions from “IDLE” to “ACTIVE,” because this transition sets all Network Monitor policy states to “UNKNOWN.”

Click Update to apply the configuration.