Configuring Juniper Networks NetScreen and SSG Firewalls

At the center of the Juniper firewall's routing infrastructure lies the virtual router (VR). The VR provides the same routing support as a physical router, but allows you to create multiple routing instances on a single box. Functionality-wise, each VR operates independently of the other VRs located on the same firewall or elsewhere in the network. They even maintain their own routing tables and protocol configurations. The real power behind VRs is the option to granularly control routing within the Juniper firewall. If you feel granularity is a common theme in many Juniper products, you're right! This is no coincidence; it's a well-thought-out design. As you know, interfaces are applied to zones, and zones are applied to virtual routers. Therefore, VRs empower you to segment the routing of your network to a completely different router. Of course, you don't have to segment the routing on your firewall, but you have the capability to do this if you wish. In this section, we will begin with a review of what facilities the firewalls come with by default, followed by a look at the capabilities of the virtual routers.
Juniper firewalls come configured with two VRs right out of the box. The Trust-VR and Untrust-VR cannot be deleted, although they can be modified. By default, the firewall considers the Trust-VR the default router. Optionally, you can add other VRs, or delete custom VRs, as you see fit. VRs can even route traffic between each other.
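The binding chain described above (interface to zone, zone to VR) and a route between two VRs, as a ScreenOS CLI sketch added here for illustration; it is not taken from the original text. The VR name `lab-vr`, the zone name `lab-zone`, the interface `ethernet0/2`, and the addresses are assumptions, and the lines beginning with `#` are annotations for the reader rather than commands to type.

```screenos
# Create a custom VR alongside the built-in trust-vr and untrust-vr
# (lab-vr is a hypothetical name).
set vrouter name lab-vr

# Create a zone and bind it to the custom VR
# (lab-zone is a hypothetical name).
set zone name lab-zone
set zone lab-zone vrouter lab-vr

# Bind an interface to the zone; it now routes through lab-vr.
# Interface name and address are assumed values.
set interface ethernet0/2 zone lab-zone
set interface ethernet0/2 ip 10.20.30.1/24

# Hand anything lab-vr has no more specific route for to untrust-vr.
# This is the "VRs can route traffic between each other" case.
set vrouter lab-vr route 0.0.0.0/0 vrouter untrust-vr

# A route between VRs only provides reachability. Traffic from lab-zone
# to a zone in another VR still has to be permitted by policy.

# Check the result: the VR list, the zone-to-VR binding,
# and the routing table that belongs to lab-vr alone.
get vrouter
get zone
get vrouter lab-vr route
```

Because each VR keeps its own routing table, `get vrouter lab-vr route` should list only the connected network on `ethernet0/2` and the default route pointing at `untrust-vr`; routes held by `trust-vr` do not appear in it.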