Palo Alto Networks Support for Null Routes

Created On 09/25/18 19:54 PM - Last Modified 08/05/19 20:36 PM


Resolution


Overview

A null route (blackhole route) is a network route (routing table entry) that goes nowhere. Matching packets are dropped (ignored) rather than forwarded, so the route acts as a kind of very limited firewall. Using null routes in this way is often called blackhole filtering. Palo Alto Networks firewalls have no Null interface as such that a route can be pointed at, as in something like:

set route 10.251.240.0/21 interface null preference 250

Workaround

Create an unnumbered dummy tunnel interface (a tunnel interface without an IP address) and point the route at that interface, with the next hop option set to "none".
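
The same workaround in configure-mode CLI form, as an added example that is not part of the original article. The unit number tunnel.99, the virtual router name default and the route name null-10-251-240 are assumptions; the destination is the prefix used above.

```text
# Lines starting with # are annotations, not CLI input.
# Unnumbered dummy tunnel interface: no "ip" is configured on it.
# tunnel.99 is an assumed, otherwise unused unit number.
set network interface tunnel units tunnel.99 comment "null route sink"

# Attach the interface to the virtual router that will hold the route.
# "default" is an assumed virtual router name.
set network virtual-router default interface tunnel.99

# Static route that names only the interface. Leaving out "nexthop"
# corresponds to selecting "none" as the next hop in the web interface.
# "null-10-251-240" is an assumed route name.
set network virtual-router default routing-table ip static-route null-10-251-240 destination 10.251.240.0/21 interface tunnel.99

commit
```

After the commit, `show routing route` in operational mode should list 10.251.240.0/21 with tunnel.99 as its interface.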


owner: kprakash


