It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda NextGen Firewall X

When does routes of type 'throw-boot' introduced?

  • Type: Knowledgebase
  • Date changed: 3 years ago
Solution #00005171 
This solution replies to:
- NG Firewall firmware versions 4.2.x, 5.0.x, 5.2.x
- netfence firmware versions 4.2.x


What characterises routes of type "throw-boot", and when are they introduced in VPN routing tables?



Routes of type "throw-boot" are designed to exclude local server networks that overlap with a VPN partner network from VPN routing tables. They are automatically introduced in order to guarantee correct routing of client requests within a local network.The following example configuration illustrates the effect of throw-boot routes.


VPN tunnel details:


Tunnel A:
Local network:
Remote network:


Tunnel B:
Local network:
Remote network:


As both local networks are included into the network scopes of the remote networks, without throw-boot routes clients attempting to access systems within their own network scope would always be routed into the VPN tunnel. Thus, for every VPN routing table, throw-boot routes are automatically introduced, to explicitly exclude these requests from VPN routing. Local requests can then be passed to the routing entries listed in Table main , after they have been "thrown" from the VPN routing table.


The routing tables for the VPN tunnels stated above can be viewed as follows in "Control" > "Network" tab of the system hosting the VPN server.


Output format:  Table / Type / Device


Table <n>, From / device-boot / vpn<n> / throw-boot / - / throw-boot / -


Table <n>, From / device-boot / vpn<n> / throw-boot / - / throw-boot /-



Link to This Page: