FRR Global Settings Configuration

Configuration of FRR Global Settings is performed at Services > FRR Global/Zebra, on the Global Settings tab in FRR. From other areas of FRR, these settings can also be reached by the [Global Settings] tab.

General Options


Master enable option for FRR. When unchecked, all of FRR is disabled, including individual routing daemons.

Default Router ID:

The Router ID is an IPv4-address formatted string which uniquely identifies this router. Typically it is set to the LAN address of a router or another unique interface address.

This default router ID is used by FRR when a per-protocol router ID is not set.

Master Password:

The password used by FRR for accessing the management daemons internally. This is not typically used by humans interacting with the daemons in the shell (e.g. via vtysh) but only internally in FRR.

Encrypt Password:

When set, encrypts passwords in output from FRR.

Ignore IPsec Restart:

When checked, IPsec restarts cause no action to be taken by FRR. When unchecked, IPsec VTI interfaces will be reset in FRR when IPsec restarts. This reset can prevent routes from becoming inactive in the routing table after IPsec VTI interface events.

CARP Status IP:

Used to determine the CARP status when using FRR with certain high availability setups. When the selected CARP vhid is in BACKUP status, FRR will not be started. This check is also made when a CARP VIP transitions to a new status, and the FRR daemons will be stopped or started appropriately to match the VIP status.


The dynamic routing manager daemon can send log messages to a file, via syslog, or both.

Syslog Logging:

Instructs FRR to send its log messages to syslog.

Package Logging Level:

Controls the verboseness of FRR package scripts


Typical log messages.


Detailed log messages, which may include debugging information.


The Enable SNMP AgentX option in this section controls whether or not data from FRR will be available through the NET-SNMP package.


This feature is not compatible with the bsnmp daemon included with the firewall, only the NET-SNMP package.

Route Handling

The options in this section influence FRR global routing behavior. For example, it can setup special automatic lists to control route acceptance and also to setup FRR-based static routes (e.g. staticd). These are different than static routes managed in the firewall GUI directly (Static Routes).

Do Not Accept:

When set, routes matching the Subnet exactly will not be accepted from routing protocols.

Null Route:

When set, traffic from hosts inside the defined Subnet will never be routed. The traffic will be dropped when it arrives at the firewall.

This option takes precedence over other routing options.


An IPv4 subnet or IPv6 prefix for this entry.

Static Route Target:

A list of available system gateways, BGP neighbors, and interfaces which can be used as a destination for this route entry. Selecting an entry from the drop-down turns this entry into an FRR static route.

Force Service Restart

By default, FRR attempts to stay running and enact changes in a dynamic way so that there is no loss of service when possible.

Certain changes may necessitate a full restart of FRR, which can be done with the Force Service Restart button in this section.