ZyXEL Communications 200 Series User Manual

Page 282

Advertising
background image

Chapter 12 Policy and Static Routes

ZyWALL USG 100/200 Series User’s Guide

282

Schedule

Select a schedule or select Create Object to configure a new one (see

Chapter 38

on page 619

for details). none means the route is active at all times if enabled.

Service

Select a service or service group from the drop-down list box. Select Create
Object
to add a new service. See

Section 37.2.1 on page 615

for more

information.

Next-Hop

Type

Select Auto to have the ZyWALL use the routing table to find a next-hop and
forward the matched packets automatically.
Select Gateway to route the matched packets to the next-hop router or switch you
specified in the Gateway field. You have to set up the next-hop router or switch as
a HOST address object first.
Select VPN Tunnel to route the matched packets via the specified VPN tunnel.
Select Trunk to route the matched packets through the interfaces in the trunk
group based on the load balancing algorithm.
Select Interface to route the matched packets through the specified outgoing
interface to a gateway (which is connected to the interface).

Gateway

This field displays when you select Gateway in the Type field. Select a HOST
address object. The gateway is an immediate neighbor of your ZyWALL that will
forward the packet to the destination. The gateway must be a router or switch on
the same segment as your ZyWALL's interface(s).

VPN Tunnel

This field displays when you select VPN Tunnel in the Type field. Select a VPN
tunnel through which the packets are sent to the remote network that is connected
to the ZyWALL directly.

Auto
Destination
Address

This field displays when you select VPN Tunnel in the Type field. Select this to
have the ZyWALL use the local network of the peer router that initiated an
incoming dynamic IPSec tunnel as the destination address of the policy.
Leave this cleared if you want to manually specify the destination address.

Trunk

This field displays when you select Trunk in the Type field. Select a trunk group to
have the ZyWALL send the packets via the interfaces in the group.

Interface

This field displays when you select Interface in the Type field. Select an interface
to have the ZyWALL send traffic that matches the policy route through the
specified interface.

Address
Translation

Use this section to configure NAT for the policy route. This section does not apply
to policy routes that use a VPN tunnel as the next hop.

Source Network
Address
Translation

Select none to not use NAT for the route.
Select outgoing-interface to use the IP address of the outgoing interface as the
source IP address of the packets that matches this route. If you select outgoing-
interface
, you can also configure port trigger settings for this interface.
Otherwise, select a pre-defined address (group) to use as the source IP
address(es) of the packets that match this route.
Select Create Object to configure a new address (group) to use as the source IP
address(es) of the packets that match this route.

Port Triggering

Configure trigger port forwarding to allow computers on the LAN to dynamically
take turns using a service that uses a dedicated range of ports on the client side
and a dedicated range of ports on the server side.

Note: You need to create a firewall rule to allow an incoming service

before using a port triggering rule.

#

This is the rule index number.

Table 90 Network > Routing > Policy Route > Edit (continued)

LABEL

DESCRIPTION

Advertising
This manual is related to the following products: