This document is a quick start guide for configuring a virtual router on a FireSIGHT System.
Virtual routing feature is available on the following appliances:
- FirePOWER 7000 Series Appliance
- FirePOWER 8000 Series Appliance
A valid control license is necessary to enable the virtual routing functionality on a FireSIGHT System. In order to verify the status of licenses on a device, follow the steps below:
- Navigate to Devices > Device Management page.
- Click the pencil icon to edit the device where you want to enable virtual routing.
- Select the Device tab. In the Device page, you will find the list and status of licenses.
The information on this document is based on these hardware and software versions:
- FireSIGHT Management Center, FirePOWER 7000 Series Appliances and 8000 Series Appliances.
- Software Version 5.2 or later
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Add a Virtual Router
Step 1: Navigate to Devices > Device Management.
Step 2: Click the pencil icon to edit the device where you want to configure a virtual router.
Step 3: Click the Virtual Routers tab.
Step 4: Click the Add Virtual Router button. The Add Virtual Router window appears.
Step 5: In the Name field of General tab, give a name for the virtual router. The following example uses vRouter as the name of the virtual router.
Step 6: To designate a virtual router to support IPv6 addresses, select the IPv6 Support check box. You should clear this check box when explicit support for non-IPv6-capable protocols, such as RIPv2 and OSPFv2, is required.
Step 7: Optionally, clear Strict TCP Enforcement if you do not want to enable strict TCP enforcement. This option is enabled by default.
Step 8: Under Interfaces, the Available list contains all Layer 3 interfaces, such as routed and hybrid, on the device that you can assign to a virtual router. To assign an interface to a virtual router, select an interface and click Add.
Step 9: Click Save. Changes do not take effect until you select the Apply Changes button.
Add a Static Route
Step 1: Select the Static tab when the Add Virtual Router window appears. See step 4 of Add a Virtual Router section.
Step 2: Click Add Static Route button.
Step 3: In the Route Name field, give a name for the static route. You can use alphanumeric characters and spaces.
Step 4: Select the Enabled check box to enable the static route.
Step 5: In the Preference field, type a numerical value between 1 and 65535 to determine the route selection. If you have multiple routes to the same destination, the system selects the route with the higher preference.
Step 6: From the Type drop-down list, select the type of static route you want to configure.
Step 7: In the Destination field, type the IP address for the destination network where traffic should be routed.
Step 8: In the Gateway field, you have two options:
- If you selected IP as the Type of static route, type an IP address.
- If you selected Interface as the Type of static route, select an interface from the drop-down list.
Step 9: Click OK.
Step 10: Click Save. Changes do not take effect until you select the Apply Changes button.