[Nebula] How to configure Policy Route on NSG?

Zyxel_Jason Posts: 327  Zyxel Employee
Policy Route is a features that could make traffic forward to the desired destination like LAN, WAN or even VPN tunnel.

Mechanism of this feature:
1. Maximum of 20 policy Routes per site.
2. Three types of Policy Route:
3. Routing Hierarchy: Direct Routes > Policy Routes > Static Routes
4. Policy Route order can be rearranged.

Where to configure:
You may find it on "Security gateway > Configure > Policy Route" to configure.
Example screenshot for Policy Route:

Scenario and Example for three types of Policy Route:
Scenario for Internet:
LAN "" has to access the Internet via WAN 1(ISP 1)
LAN2 "" has to access the Internet via WAN 2(ISP 2)

Example of the configuration:

Scenario for Intranet:

Only hosts in LAN "" can reach LAN "".
Only Router knows where LAN "" is.
Note: The Intranet policy route type is without SNAT.

Example of the configuration:

Scenario for VPN: (Nebula to Non-Nebula Peer VPN Policy Routes)
The host wants to communicate to another host which subnet does not use VPN on the remote site.

Example of the configuration:

Note: Policy Routes must be removed before changing, disabling VPN Topology or unregister NSG from that site.