Creating a virtual routing and forwarding table

You can create a virtual routing and forwarding table in a network template or on a Kaspersky NGFW device: A virtual routing and forwarding table created in a network template is automatically created on all devices that use this template. A virtual routing and forwarding table created on a device only works on the device on which it was created. You can create up to 200 virtual routing and forwarding tables on each individual device.

To create a virtual routing and forwarding table:

1. In the main menu of the Open Single Management Platform Console, go to the Application & Services → NGFW section.
2. Create a virtual routing and forwarding table in one of the following ways:
   • If you want to create a virtual routing and forwarding table in a network template, in the menu, select the Network templates tab, click the device template, and select the Routing → VRF section.
   • If you want to create a virtual routing and forwarding table on a Kaspersky NGFW device, select the Devices tab in the menu, click a Kaspersky NGFW device and select the Routing → VRF section.

   A table of all virtual routing and forwarding tables is displayed.

3. In the upper part of the workspace, click the Create button.

   This opens the virtual routing and forwarding table creation window.

4. In the Name field, enter a name for the virtual routing and forwarding table that you are creating.

   The name of the virtual routing and forwarding table must be unique within the device and cannot be 'Main' or 'Management' in any character case. The maximum length is 128 characters.

   You cannot use a number as the name of a virtual routing and forwarding table, however, a combination of numerals and other characters is a valid name.

5. In the Table drop-down list, select a unique ID for the virtual routing and forwarding table.

   Possible values: 3 to 203. Only available IDs that have not been assigned to other virtual routing and forwarding tables are listed. IDs 0, 1, and 2 are reserved for virtual routing and forwarding tables that the device uses internally.

6. If you want to provide additional traffic isolation for the virtual routing and forwarding table, enable the Use blackhole route toggle switch.

   In this case, a blackhole route with static IP address 0.0.0.0/0 is automatically created. If the virtual routing and forwarding table has a blackhole route, traffic passing through this VRF and does not have a suitable route is dropped. Without a blackhole route, traffic that does not have a suitable route may end up in other virtual routing and forwarding tables.

   This toggle switch is disabled by default.

7. In the table under Network interfaces in the VRF enable the Used toggle switch for network interfaces that you want to add to the virtual routing and forwarding table.

   If you want to remove a network interface from the virtual routing and forwarding table, disable the corresponding toggle switch in the Used column.

   The table displays only those network interfaces that are not part of a network bridge, an aggregated interface, or another virtual routing and forwarding table (except for the Main VRF) and are not the root interface.

   An interface to be added to a virtual routing and forwarding table must not be included in another virtual routing and forwarding table, be used in a static route, or have intersecting subnet IP addresses.

8. Save the virtual routing and forwarding table by clicking Create.

   If you have enabled the Use blackhole route toggle switch, a 0.0.0.0/0 blackhole route is automatically created for this virtual routing and forwarding table in the Static routes section.

   A virtual routing and forwarding table creation event is logged.

9. Apply the OSMP policy changes by clicking the Commit and push button.

Page top