Router

Router objects can be used:

As the firewall’s default gateway,
For specifying the type of routing in filter rules (PBR: Policy Based Filtering).

Router objects are defined by a name and at least a gateway used. They may contain one or several gateways used and backup gateways. A mechanism that tests the availability of these gateways makes it possible to provide redundancy – if no responses are received from one or several main gateways, one or several backup gateways will then take over.

Select a router to view or edit its properties.

Name of the object	Name given to the router object when it was created.
Comments	Description associated with the router object.

Button bar

Add	Adds a gateway.
Delete	Deletes the selected gateway.
Move to the list of backups / Move to the list of main gateways	Allows switching from one gateway in the main table to the backup table or vice versa.

Apply	Sends the router’s configuration.
Copy	Allows creating a new router object by duplicating the same characteristics as the edited router.
Cancel	Cancels the router’s configuration.

Tables of gateways used and backup gateways

Both of these tables contain the following columns:

Host (Mandatory)	Clicking on this column will open the objects database to allow selecting a host that acts as the router.
Device(s) for testing availability (Mandatory)	Host or host group to ping in order to determine the connectivity of the gateway. The value selected may be the gateway itself (Test the gateway directly), a host or a group of third-party hosts. The availability test may be disabled for the selected gateway by selecting the value No availability testing. NOTE If the value No availability testing has been selected for all gateways, the function enabling a switchover to backup gateways will then be disabled.
Weight	Allows assigning a priority between the various gateways for the load balancing mechanism. A gateway with a higher weight will therefore be used more often when balancing traffic load.
(Optional) Comments	Any text.

NOTE
Parameters that define the interval between two availability tests (“frequency”), the maximum waiting time for a response (“wait”) and the number of tests to perform before declaring the gateway uncontactable (“tries”) can only be configured via CLI command:
CONFIG OBJECT ROUTER NEW name=<router name> [tries=<int>] [wait=<seconds>] [frequency=<seconds>] update=1.
The default values suggested are 15 seconds for the “frequency” parameter, 2 seconds for the “wait” parameter and 3 for the "tries" parameter.

Advanced properties

Load balancing	The firewall allows distributed routing between the various gateways used through several methods: No load balancing: only the first gateway defined in the "Used gateways" and "Backup gateways" tables will be used for routing. By connection: all gateways defined in the "Used gateways" table will be used. The load balancing algorithm is based on the source (source IP address, source port) and the destination (destination IP address, destination port) of the traffic. The rate at which the various gateways are used will be related to their respective weights. By source IP address: all gateways defined in the "Used gateways" table will be used. An algorithm allows balancing routing based on the source of the routed traffic. The rate at which the various gateways are used will be related to their respective weights.
Enable backup gateways	When all gateways cannot be reached: the backup gateway(s) will only be enabled when all the gateways used cannot be contacted. When at least one gateway cannot be reached: the backup gateway(s) will be enabled as soon as a gateway used cannot be contacted. This option is grayed out when a single gateway is entered in the table of used gateways. When the number of gateways that can be reached is lower than: the backup gateway(s) will be enabled as soon as the number of contactable gateways used falls below the number indicated. This option is grayed out when a single gateway is entered in the table of used gateways.
Enable all backup gateways when unavailable	If this option is selected, all backup gateways will be enabled as soon as the condition for enabling them has been met. If it is not selected, only the first backup gateway listed will be enabled.
If no gateways are available	Select the behavior that the firewall must adopt if all the gateways defined in the router object cannot be contacted: Default route: the routes (static or dynamic) defined in the firewall’s routing table will be applied, Do not route: the firewall will not manage packets passing through.