[Nebula] How to configure Policy Route on NSG?

Zyxel_Jason Posts: 395  Zyxel Employee
First Anniversary 10 Comments Friend Collector First Answer
edited June 2023 in Nebula Security Gateway
Policy Route is a features that could make traffic forward to the desired destination like LAN, WAN or even VPN tunnel.

echanism of this feature:
1. Maximum of 20 policy Routes per site.
2. Three types of Policy Route:
3. Routing Hierarchy: Direct Routes > Policy Routes > Static Routes
4. Policy Route order can be rearranged.

Where to configure:
You may find it on Configure > Security gateway > Policy Route to configure.
Example screenshot for Policy Route:

Scenario and Example for three types of Policy Route:
Scenario for Internet:
LAN "" has to access the Internet via WAN 1(ISP 1)
LAN2 "" has to access the Internet via WAN 2(ISP 2)

Example of the configuration:

Scenario for Intranet:

Only hosts in LAN "" can reach LAN "".
Only Router knows where LAN "" is.
Note: The Intranet policy route type is without SNAT.

Example of the configuration:

Scenario for VPN: (Nebula to Non-Nebula Peer VPN Policy Routes)
The host wants to communicate to another host which subnet does not use VPN on the remote site.

Example of the configuration:
Note: Policy Routes must be removed before changing, disabling VPN Topology or unregister NSG from that site.