Palo Alto Networks Knowledgebase: Palo Alto Networks Support for Null Routes

Palo Alto Networks Support for Null Routes

Created On 08/05/19 20:22 PM - Last Updated 08/05/19 20:36 PM
Virtual Systems Virtualization
Resolution

Overview

A null route (blackhole route) is a network route (routing table entry) that goes nowhere. Matching packets are dropped (ignored) rather than forwarded, so the route acts as a kind of very limited firewall. Using null routes this way is often called blackhole filtering. Palo Alto Networks firewalls have no Null interface as such that routes can be pointed to, so there is no equivalent of something like:

set route 10.251.240.0/21 interface null preference 250

Workaround

Create an unnumbered dummy tunnel interface (a tunnel interface without an IP address) and point the route at that interface, with the next hop option set to "none".
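The workaround as PAN-OS configure-mode commands, added here as an illustration and not taken from the original article. The interface `tunnel.99`, the virtual router `default`, the zone `blackhole` and the route name `null-10-251-240-0` are assumed names; the prefix is the one used above. Lines starting with `#` are annotations, not commands.

```text
# Assumed names: tunnel.99, virtual router "default", zone "blackhole",
# route name "null-10-251-240-0". Adjust to the local configuration.

configure

# 1. Dummy tunnel interface with no IP address configured (unnumbered).
set network interface tunnel units tunnel.99 comment "null-route sink"

# 2. Attach the interface to the virtual router that holds the route,
#    and to a dedicated zone that no security policy allows traffic into.
set network virtual-router default interface tunnel.99
set zone blackhole network layer3 tunnel.99

# 3. Static route for the prefix, egress interface only. No nexthop is
#    set, which corresponds to next hop "None" in the web interface.
set network virtual-router default routing-table ip static-route null-10-251-240-0 destination 10.251.240.0/21 interface tunnel.99

commit
exit

# 4. Operational-mode checks: the route should be installed with
#    tunnel.99 as the egress interface, and a FIB lookup for an address
#    inside the prefix should resolve to that interface.
show routing route destination 10.251.240.0/21
test routing fib-lookup virtual-router default ip 10.251.240.1
```

Because the tunnel interface has no IPsec tunnel bound to it, packets routed to it are dropped rather than forwarded. A more specific route for the same destination learned elsewhere would still take precedence over this /21.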


owner: kprakash


