Using the command line to configure dynamic routing

You can enter dynamic routing commands through the vtysh shell of the Free Range Routing (FRR) suite on the command line of the NGFW Engine.

Important: If you make changes to dynamic routing using the Management Client, all changes that you made on the command line are overwritten.

Dynamic routing is supported on Single Firewalls, Firewall Clusters, and Virtual Firewalls.

For Virtual Firewalls, you must enter the following command on the Master NGFW Engine to access the command line of the Virtual Firewall:
se-virtual-engine
Firewall Clusters or Master NGFW Engines automatically synchronize the FRR configuration files between nodes, and the routing daemon is automatically stopped and started. Edit the FRR configuration on the node that is currently active for dynamic routing. To check that you are working on the correct node, enter the following command:
sg-dynamic-routing status
The output must include the following string:
FRR suite status (node is Active)

Detailed instructions for configuring the FRR suite can be found on the FRR Software Routing Suite website at https://⁠docs.frrouting.org/en/latest/.

Note: Configuring dynamic routing requires SSH access to the command line. We recommend that you disable SSH access whenever it is not needed. Make sure that your Access rules allow SSH access to the NGFW Engines from the administrators’ IP addresses only.