[Nebula] How to configure Policy Route on NSG?

Zyxel_Jason · August 2018

Policy Route is a features that could make traffic forward to the desired destination like LAN, WAN or even VPN tunnel.

Mechanism of this feature:
1. Maximum of 20 policy Routes per site.
2. Three types of Policy Route:
(1)Internet
(2)Intranet
(3)VPN
3. Routing Hierarchy: Direct Routes > Policy Routes > Static Routes
4. Policy Route order can be rearranged.

Where to configure:
You may find it on Configure > Security gateway > Policy Route to configure.
Example screenshot for Policy Route:

Image: https://us.v-cdn.net/6029482/uploads/editor/tj/we83lg8gk78v.png

Scenario and Example for three types of Policy Route:
Scenario for Internet:
LAN "192.168.1.0/24" has to access the Internet via WAN 1(ISP 1)
LAN2 "192.168.2.0/24" has to access the Internet via WAN 2(ISP 2)

Example of the configuration:

Image: https://us.v-cdn.net/6029482/uploads/editor/kr/b5ptosodl6px.png

Scenario for Intranet:

Image: https://us.v-cdn.net/6029482/uploads/editor/ob/dmbyvb0fwfcq.jpg

Only hosts in LAN "192.168.2.0/24" can reach LAN "192.168.10.0/24".
Only Router 192.168.1.33 knows where LAN "192.168.10.0/24" is.
Note: The Intranet policy route type is without SNAT.

Example of the configuration:

Image: https://us.v-cdn.net/6029482/uploads/editor/yw/3o8kdk9n3vzo.png

Scenario for VPN: (Nebula to Non-Nebula Peer VPN Policy Routes)
The host 192.168.37.33 wants to communicate to another host 192.168.2.33 which subnet does not use VPN on the remote site.

Image: https://us.v-cdn.net/6029482/uploads/editor/hh/67hsltrieac9.jpg

Example of the configuration:

Image: https://us.v-cdn.net/6029482/uploads/editor/0s/rsjxtnr1is1q.png

Note: Policy Routes must be removed before changing, disabling VPN Topology or unregister NSG from that site.

[Nebula] How to configure Policy Route on NSG?

Categories