Adding routes for Master Engines and Virtual Engines

The need to configure routing can change depending on the role of the Secure SD-WAN Engine and the types of interfaces that have been configured.

Basic routing information for networks directly connected to Master Engines and Virtual Engines is added automatically to both routing and antispoofing based on the IP addresses that you have defined for the interfaces. You must add a default route and any routes through next-hop gateways to networks that are not directly connected to the Master Engine or Virtual Engine.

On Master Engines, routing and antispoofing can only be configured for the Master Engine’s system communications interfaces. No routes have to be defined if a Master Engine communicates only in its local IP network.

On Master Engines that host Virtual Engines, you can only add routes to interfaces that have IP addresses. Routing and antispoofing for Virtual Engines are configured in the same way as for Single Engines.

On Master Engines that host Virtual IPS engines or Virtual Layer 2 Engines, you can only add routes to Normal Interfaces that have IP addresses. It is not possible to add routes to Capture Interfaces or Inline Interfaces on Master Engines that host Virtual IPS engines or Virtual Layer 2 Engines.

Virtual IPS engines and Virtual Layer 2 Engines do not communicate directly with other SMC components. You cannot configure routing for Virtual IPS engines and Virtual Layer 2 Engines.

To transfer changes to the routing or antispoofing for a Master Engine, you must refresh the policy on the Master Engine. To transfer changes to the routing or antispoofing for a Virtual Engine, you must refresh the policy on the Virtual Engine.