Best Of

Thanks for clarifying.

I dug a little deeper and tested policy routes for binding FQDN objects (or whatever criteria you pick) to certain IP addresses on a WAN port.

My ISP / WAN IP settings
Yours might differ – call your ISP when in doubt…

Modem/Router IP xxx.xxx.xxx.13 (this is also my gateway)
IP #1 xxx.xxx.xxx.14
···
IP #5 xxx.xxx.xxx.18
Subent Mask 255.255.255.248

#1 Add IPs to the WAN interface
Go to Network > Interface > Ethernet > select your WAN port and click "Create Virtual Interface".
Fill in Name, IP, Netmask and Gateway (at least that works for me) and maybe change Metric to something higher than the default 0 if you want your main IP to be used per default.

#2 Create IP objects
Go to Object > Address/Geo IP and add objects of the type INTERFACE IP for all your virtual WAN interfaces.

#3 Add Policy Route
Go to Network > Policy Route and click "Add".
Configure your criteria for the Route. I chose "Any" for all and set the Destination Address to a FQDN for testing. Just like any other Policy.
Set Next Hop to "Interface" and pick the WAN interface.
Then comes the important part: Switch "Source Network Address Translation" from "Outgoing Interface" to one of your newly added IP objects.

For testing I use this PHP one-liner: echo $_SERVER["REMOTE_ADDR"];

Dear all users,

This problem should be same as this discussion:

We are currently investigating the problem. Please add the File Pattern "AD2F1837.HPPrinterControl*" on the Allow list in your Anti-Malware settings:

Here is the on-premise firewall setting:

Here is the Nebula firewall setting:

We will provide an update as soon as we have more progress. Thank you for your patience.

Hi @RSaull

The issue was already resolved in firmware 5.30 C0. You can find it in the release note. Hence, you can follow the standard procedure to use cloud firmware update on HA.

1. [Bug Fix] eITS#220301001
   Fix: Cloud Firmware update issue in device HA scenario

For most of the questions, answers are NAT and Static/Policy Routing.
NAT for incoming connections, Static/Policy Routing for outgoing connections.

"FDQN" do not get to be routed. IPs get. So IMHO, you should narrow down from FDQN to IPs that need specific routing than consider Static or Policy Routing case to case. IF your service provider (the FDQN owner) don't provide the corrispondency list, I think that manual DNS digging is due diligence.

Yes, ZyWall 110 is only able to converter to USG FLEX 500 or VPN100 on our Online converter.
You can provide your config to me through PM, I will do it for you.

James

Hello,

once you've provided fix it would be better to remove this exclusion?

Just to keep trace about the settings (300 firewall to manage!)

Thanks

Luca

Hello,

I was trying to set up an L2TP VPN today and when I clicked on "Configuration Walkthrough" it popped up a dead page (url listed below).https://kb.zyxel.com/KB/searchArticle!viewBlob.action?attOid=14441

I checked with a third-party site to see if it was just us and it wasn't. Also, according to MX Toolbox, there is no DNS record for "kb.zyxel.com". As such, everything that links to this subdomain is not working.

Are you aware of this issue? Is there an ETA on fixing it? Thanks.