4 Replies Latest reply: Feb 27, 2012 2:44 PM by watarimono RSS

    Multiple Default Routes


      Does anyone know if it is possible to have mulitple default routes on a Web Gateway running 7.1.6?

      For example, we want to configure two interfaces with IP address on two different networks.  How do we go about configuring the default route for each interface?


      Thank you,

        • 1. Re: Multiple Default Routes
          Jon Scholten

          I believe what you are asking for is static routes.


          This means that you have one default gateway for everything, then any specific routes specified if you need to route internally to other internal networks.


          This is configured under Configuration > Static Routes.


          Let me know if this helps.



          • 2. Re: Multiple Default Routes

            Manassas Default Gateway Question.jpg

            Thanks Jon,

            I understand we can route internal networks via static routes.  However we need to be able to route the internet traffic through either web gateways in the event we lose one side.  Above is a diagram of what we are dealing with. The WCCP on the firewall is configured to block and redirect all port 80/443 traffic back to the proxy server and the proxy server then directs the web traffic back to the firewall which allows it out. The same configuration is on both firewalls and the idea is to have full redundancy. The thing that we do not know is if a static route will work to redirect traffic out to the internet in the event either of the proxy goes down.

            • 3. Re: Multiple Default Routes

              One default gateway per appliance is all ou can have.


              However, are both your firewalls a pair that uses VRRP or HSRP? Can you point the default gateway to a VIP that either of the firewalls service depending on availability?

              • 4. Re: Multiple Default Routes

                Thanks Jon,

                The firewalls are actually pointing to two separate ISP handoffs.

                In the event of the failure of the primary proxy server, the primary firewall hands the WCCP off to the secondary proxy server.  However, the default gateway of the secondary proxy server is on a different network so no internet traffic will be routed out.


                I just had a conversation with support and they said that policy based routing is not an available feature right now but a future feature request was submitted.


                I appreciate the feedback.   Thanks again guys.