User's Manual

Chapter 6 Configuration Basics

ZyWALL USG 20/20W User’s Guide

and general NAT on the source address. You have to set up the criteria, next-hops,

and NAT settings first.

Example: You have an FTP server connected to P6 (in the DMZ zone). You want

to limit the amount of FTP traffic that goes out from the FTP server through your

WAN connection.

1 Create an address object for the FTP server (Object > Address).

2 Click Configuration > Network > Routing > Policy Route to go to the policy

route configuration screen. Add a policy route.

3 Name the policy route.

4 Select the interface that the traffic comes in through (P3 in this example).

5 Select the FTP server’s address as the source address.

6 You don’t need to specify the destination address or the schedule.

7 For the service, select FTP.

8 For the Next Hop fields, select Interface as the Type if you have a single WAN

connection or Trunk if you have multiple WAN connections.

9 Select the interface that you are using for your WAN connection. If you have

multiple WAN connections, select the trunk.

10 Specify the amount of bandwidth FTP traffic can use. You may also want to set a

low priority for FTP traffic.

Note: The ZyWALL checks the policy routes in the order that they are listed. So make

sure that your custom policy route comes before any other routes that would

also match the FTP traffic.

MENU ITEM(S)

Configuration > Network > Routing > Policy Route

PREREQUISITES

Criteria: users, user groups, interfaces (incoming), IPSec VPN

(incoming), addresses (source, destination), address groups (source,

destination), schedules, services, service groups

Next-hop: addresses (HOST gateway), IPSec VPN, SSL VPN, trunks,

interfaces

NAT: addresses (translated address), services and service groups

(port triggering)