We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda NextGen Firewall X

When does routes of type 'throw-boot' introduced?

  • Type: Knowledgebase
  • Date changed: 10 months ago
Solution #00005171 
This solution replies to:
- NG Firewall firmware versions 4.2.x, 5.0.x, 5.2.x
- netfence firmware versions 4.2.x


What characterises routes of type "throw-boot", and when are they introduced in VPN routing tables?



Routes of type "throw-boot" are designed to exclude local server networks that overlap with a VPN partner network from VPN routing tables. They are automatically introduced in order to guarantee correct routing of client requests within a local network.The following example configuration illustrates the effect of throw-boot routes.


VPN tunnel details:


Tunnel A:
Local network:
Remote network:


Tunnel B:
Local network:
Remote network:


As both local networks are included into the network scopes of the remote networks, without throw-boot routes clients attempting to access systems within their own network scope would always be routed into the VPN tunnel. Thus, for every VPN routing table, throw-boot routes are automatically introduced, to explicitly exclude these requests from VPN routing. Local requests can then be passed to the routing entries listed in Table main , after they have been "thrown" from the VPN routing table.


The routing tables for the VPN tunnels stated above can be viewed as follows in "Control" > "Network" tab of the system hosting the VPN server.


Output format:  Table / Type / Device


Table <n>, From / device-boot / vpn<n> / throw-boot / - / throw-boot / -


Table <n>, From / device-boot / vpn<n> / throw-boot / - / throw-boot /-



Link to This Page: