Static Routes

A static route is a route from one network to another network that you define and enter manually into the routing table. You might want to use static routes in the following cases:

  • Your network is small and stable and you can easily manage manually adding and changing routes between devices.

  • Your networks use an unsupported router discovery protocol.

  • You do not want the traffic or CPU overhead associated with routing protocols.

  • In some cases, a default route is not enough. The default gateway might not be able to reach the destination network, so you must also configure more specific static routes. For example, if the default gateway is outside, then the default route cannot direct traffic to any inside networks that are not directly connected to the FDM-managed device.

  • You are using a feature that does not support dynamic routing protocols.

Limitations:

  • Security Cloud Control does not currently support the management, monitoring, or use of Virtual Tunnel Interface (VTI) tunnels on ASA or FDM-managed devices. Devices with configured VTI tunnels can be onboarded to Security Cloud Control but it ignores the VTI interfaces. If a security zone or static route references a VTI, Security Cloud Control reads the security zone and static route without the VTI reference. Security Cloud Control support for VTI tunnels is coming soon.

  • FDM-managed device running on software version 7.0 or later allows configuring Equal-Cost Multi-Path (ECMP) traffic zones. When the FDM-managed device is onboarded to Security Cloud Control, it can read but cannot modify the ECMP configuration available in the global VRF routes because it does not allow a route to the same destination network with an identical metric value. You can create and modify ECMP traffic zones through FDM and then read it into Security Cloud Control. For more information on ECMP, see the "Equal-Cost Multi-Path (ECMP) Routing" section in the "Routing Basics and Static Routes" chapter of Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager, Version 7.0 or later.