ZyWALL User's Guide

ManualsBrandsZyXEL Communications ManualsNetwork Router100 Series

281

282

283

284

285

286

287

288

289

290

Chapter 12 Policy and Static Routes

ZyWALL USG 100/200 Series User’s Guide

282

Schedule Select a schedule or select Create Object to configure a new one (see Chapter 38

on page 619 for details). none means the route is active at all times if enabled.

Service Select a service or service group from the drop-down list box. Select Create

Object to add a new service. See Section 37.2.1 on page 615 for more

information.

Next-Hop

Type Select Auto to have the ZyWALL use the routing table to find a next-hop and

forward the matched packets automatically.

Select Gateway to route the matched packets to the next-hop router or switch you

specified in the Gateway field. You have to set up the next-hop router or switch as

a HOST address object first.

Select VPN Tunnel to route the matched packets via the specified VPN tunnel.

Select Trunk to route the matched packets through the interfaces in the trunk

group based on the load balancing algorithm.

Select Interface to route the matched packets through the specified outgoing

interface to a gateway (which is connected to the interface).

Gateway This field displays when you select Gateway in the Type field. Select a HOST

address object. The gateway is an immediate neighbor of your ZyWALL that will

forward the packet to the destination. The gateway must be a router or switch on

the same segment as your ZyWALL's interface(s).

VPN Tunnel This field displays when you select VPN Tunnel in the Type field. Select a VPN

tunnel through which the packets are sent to the remote network that is connected

to the ZyWALL directly.

Auto

Destination

Address

This field displays when you select VPN Tunnel in the Type field. Select this to

have the ZyWALL use the local network of the peer router that initiated an

incoming dynamic IPSec tunnel as the destination address of the policy.

Leave this cleared if you want to manually specify the destination address.

Trunk This field displays when you select Trunk in the Type field. Select a trunk group to

have the ZyWALL send the packets via the interfaces in the group.

Interface This field displays when you select Interface in the Type field. Select an interface

to have the ZyWALL send traffic that matches the policy route through the

specified interface.

Address

Translation

Use this section to configure NAT for the policy route. This section does not apply

to policy routes that use a VPN tunnel as the next hop.

Source Network

Address

Translation

Select none to not use NAT for the route.

Select outgoing-interface to use the IP address of the outgoing interface as the

source IP address of the packets that matches this route. If you select outgoing-

interface, you can also configure port trigger settings for this interface.

Otherwise, select a pre-defined address (group) to use as the source IP

address(es) of the packets that match this route.

Select Create Object to configure a new address (group) to use as the source IP

address(es) of the packets that match this route.

Port Triggering Configure trigger port forwarding to allow computers on the LAN to dynamically

take turns using a service that uses a dedicated range of ports on the client side

and a dedicated range of ports on the server side.

Note: You need to create a firewall rule to allow an incoming service

before using a port triggering rule.

# This is the rule index number.

Table 90 Network > Routing > Policy Route > Edit (continued)

LABEL DESCRIPTION