It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda NextGen Firewall X

When does routes of type 'throw-boot' introduced?

  • Type: Knowledgebase
  • Date changed: one year ago
Solution #00005171 
 
Scope:
This solution replies to:
- NG Firewall firmware versions 4.2.x, 5.0.x, 5.2.x
- netfence firmware versions 4.2.x

 
Symptoms:

What characterises routes of type "throw-boot", and when are they introduced in VPN routing tables?


 

Solution:

Routes of type "throw-boot" are designed to exclude local server networks that overlap with a VPN partner network from VPN routing tables. They are automatically introduced in order to guarantee correct routing of client requests within a local network.The following example configuration illustrates the effect of throw-boot routes.

 

VPN tunnel details:

 

Tunnel A:
Local network: 10.0.1.0/8
Remote network: 10.0.0.0/16

 

Tunnel B:
Local network: 10.0.2.0/8
Remote network: 10.0.0.0/24


Issue:

As both local networks are included into the network scopes of the remote networks, without throw-boot routes clients attempting to access systems within their own network scope would always be routed into the VPN tunnel. Thus, for every VPN routing table, throw-boot routes are automatically introduced, to explicitly exclude these requests from VPN routing. Local requests can then be passed to the routing entries listed in Table main , after they have been "thrown" from the VPN routing table.

 

The routing tables for the VPN tunnels stated above can be viewed as follows in "Control" > "Network" tab of the system hosting the VPN server.

 

Output format:  Table / Type / Device

 

Table <n>, From 10.0.1.0/8
10.0.0.0/16 / device-boot / vpn<n>
10.0.1.0/8 / throw-boot / -
10.0.2.0/8 / throw-boot / -

 

Table <n>, From 10.0.2.0/8
10.0.0.0/24 / device-boot / vpn<n>
10.0.1.0/8 / throw-boot / -
10.0.2.0/8 / throw-boot /-

 

 

Link to This Page:
https://campus.barracuda.com/solution/50160000000IKZQAA4