Managing virtual routing and forwarding (VRF) tables

Kaspersky NGFW supports the Virtual Routing and Forwarding (VRF) technology for creating virtual routing and forwarding tables on Kaspersky NGFW devices.

Virtual routing and forwarding tables are independent from each other, which allows you to divide the network into separate segments within a single physical device and to isolate routes. This makes managing routing settings easier and more flexible while improving device security.

You can use virtual routing and forwarding tables on Kaspersky NGFW devices when managing the following settings:

OSPF routes do not support virtual routing and forwarding tables.

You can view the list of virtual routing and forwarding tables in a network template and on a Kaspersky NGFW device:

To view the list of virtual routing and forwarding tables in a network template, select the Network templates tab in the menu, click a device template, and select the Routing → VRF section.
To view the list of virtual routing and forwarding tables on a Kaspersky NGFW device, select the Devices tab in the menu, click a Kaspersky NGFW device and select the Routing → VRF section.

The table in this section contains the following information about virtual routing and forwarding tables:

Name is the name of the virtual routing and forwarding table.
Table is the unique ID of the virtual routing and forwarding table.
Interfaces is the list of interfaces that are included in the virtual routing and forwarding table.

By default, the following virtual routing and forwarding tables are created on a Kaspersky NGFW device:

The Management VRF is a virtual router with a separate routing and forwarding table that lets you isolate traffic used to manage the device. The Management virtual routing and forwarding table can be used for device management functionality, such as SNMP, SSH, syslog, etc. You can add interfaces for device management traffic to the Management VRF.
The Management VRF is configured on the device by default and includes one network interface with the dedicated management interface rule that has static IP address 192.168.7.1/24. You cannot delete the Management virtual routing and forwarding table.

Network interfaces with the dedicated management interface role are always included in the Management VRF. You cannot move these interfaces to other virtual routing and forwarding tables.
The Main VRF is a virtual router with a separate routing and forwarding table that includes all network interfaces that exist on the device.
The Main VRF is used internally and is not displayed in the VRF section.

You can do the following with virtual routing and forwarding tables:

Create virtual routing and forwarding tables.
You can create a virtual routing and forwarding table on a Kaspersky NGFW device by adding a routing and forwarding table and network interfaces.
Edit virtual routing and forwarding tables.
After creating a virtual routing and forwarding table, you can manage its settings.
Delete virtual routing and forwarding tables.
You can delete a virtual routing and forwarding table if you do not want to use the corresponding network segment on the device.

You can manage virtual routing and forwarding tables in the web interface of the Kaspersky NGFW plug-in or on the command line. In the web-interface, you can also use the filter and search functionality in the table of virtual routers. You can use the vrf family of commands to manipulate virtual routing and forwarding tables on the command line. For a description of command families and a link to the complete list of Kaspersky NGFW configuration commands, see the Managing Kaspersky NGFW using the command line document.

Page top