PCNSA – 2.7


Given a scenario, identify steps to create and configure a virtual router.

Palo Alto Networks PCNSA Study Guide v10

Virtual Routers

PAN-OS has two types of virtual route engines. The first is the BGP route engine. It ONLY supports BGP and static routing. It can be found on the PA-7000, PA-5200, PA-3200 and VM-Series firewalls.

The other is the legacy route engine that supports dynamic routing protocols, multicast routing and static routes. The protocols supported are:

  • BGP v4
  • OSPFv2
  • OSPFv3
  • RIPv2
  • IGMPv1/v2/v3
  • PIM-SM, PIM-ASM, PIM-SSM

Both engines can be configured on the same firewall, but only one may be active at a time. Switching from one to the other requires a commit and reboot of the firewall.

Static routes have a default metric of 10, which is configurable. Virtual routers may remove static routes based on path monitoring. Path monitoring is established using ICMP pings to a reliable host upstream. If the path is unavailable, the virtual router removes the static route until the host returns.
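
A small model of the path-monitoring behaviour described above, added here as an illustration (it is not PAN-OS code or configuration). The route names, the addresses, the backup route with metric 20 and the three-miss threshold are assumptions, and the model reinstalls the route on the first reply.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class StaticRoute:
    name: str                           # hypothetical route name
    destination: str
    next_hop: str
    metric: int = 10                    # default static-route metric from the text
    monitor_host: Optional[str] = None  # upstream host pinged; None = not monitored
    fail_threshold: int = 3             # assumption: lost pings in a row before removal
    misses: int = 0
    installed: bool = True

    def record_probe(self, reply_received: bool) -> None:
        """Update route state from one ICMP probe result."""
        if self.monitor_host is None:
            return
        if reply_received:
            self.misses = 0
            self.installed = True       # host returned: route goes back in the table
        else:
            self.misses += 1
            if self.misses >= self.fail_threshold:
                self.installed = False  # path down: route is withdrawn


def best_route(routes: List[StaticRoute], destination: str) -> Optional[StaticRoute]:
    """Lowest-metric installed route for the destination, or None."""
    live = [r for r in routes if r.installed and r.destination == destination]
    return min(live, key=lambda r: r.metric, default=None)


def simulate(probe_results: List[bool]) -> List[str]:
    """Return the name of the active default route after each probe."""
    primary = StaticRoute("isp-a", "0.0.0.0/0", "192.0.2.1",
                          monitor_host="198.51.100.10")
    backup = StaticRoute("isp-b", "0.0.0.0/0", "203.0.113.1", metric=20)
    timeline = []
    for ok in probe_results:
        primary.record_probe(ok)
        timeline.append(best_route([primary, backup], "0.0.0.0/0").name)
    return timeline


# Constructed probe results: one reply, four lost pings, then the host returns.
CONSTRUCTED_PROBES = [True, False, False, False, False, True, True]

if __name__ == "__main__":
    for ok, active in zip(CONSTRUCTED_PROBES, simulate(CONSTRUCTED_PROBES)):
        print(f"reply={ok!s:<5} active default route: {active}")
```

The backup route is unmonitored, so it stays installed and carries traffic only while the lower-metric route is withdrawn.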

The BGP route engine is enabled under Device > Setup > Management by editing General Settings. The “Advanced Routing” box must be checked and the change committed, and then the firewall must be rebooted. After the reboot, a single Logical Router must be created with the appropriate settings.