nebula route for all internet traffic

I need to use a site-to-site VPN (Non-Nebula VPN peers) as the default route for all internet traffic.
How is this possible in Nebula with the NSG50?
Thanks in advance
Fabrizio

All Replies

  • Zyxel_Adam
    Zyxel_Adam Posts: 430  Zyxel Employee
    Zyxel Certified Network Administrator - Nebula 25 Answers First Comment Friend Collector
    edited September 2021
    Hi @FabrizioF,

    Welcome to Zyxel Community!
    May I confirm that your question is that you would like all devices under the NSG50 to access the Internet via a site-to-site VPN (Non-Nebula VPN peers)?

    If so, you may configure a policy route "Type VPN, Src IP any, Dst IP (peer LAN IP address)" on the NSG50 and configure a policy route "VPN, Src IP any, Dst IP (NSG LAN IP address)" on the peer site.

    Also, configure a policy route on the peer site so that all the subnets under the NSG50 are able to surf the Internet.
    Adam
  • Thanks Adam for the reply

    I did not understand well whether I have to do the route policy on both firewalls or only on the NSG50.

    From the site where the NSG50 is, I want to direct all internet traffic to the non-Zyxel firewall.

    Thanks again
  • Zyxel_Adam
    @FabrizioF,

    You have to configure the route policy on both sites.
    If you only configure it on the NSG50 to send all traffic to the non-Nebula firewall, while no policy is set on the non-Nebula firewall, traffic from the NSG50 via the VPN tunnel does not know where to go back.
    Adam
  • Hi Adam, I have created a route policy on the NSG50 but not on the other firewall (through which all internet traffic will go out). Its support has told me that it isn't necessary.
