[Nebula] How to configure Policy Route on NSG?

Zyxel_Jason
Zyxel_Jason Posts: 394  Master Member
First Anniversary 10 Comments Friend Collector First Answer
edited June 2023 in Nebula Security Gateway
Policy Route is a features that could make traffic forward to the desired destination like LAN, WAN or even VPN tunnel.


M
echanism of this feature:
1. Maximum of 20 policy Routes per site.
2. Three types of Policy Route:
    (1)Internet
    (2)Intranet
    (3)VPN
3. Routing Hierarchy: Direct Routes > Policy Routes > Static Routes
4. Policy Route order can be rearranged.

Where to configure:
You may find it on Configure > Security gateway > Policy Route to configure.
Example screenshot for Policy Route:


Scenario and Example for three types of Policy Route:
Scenario for Internet:
LAN "192.168.1.0/24" has to access the Internet via WAN 1(ISP 1)
LAN2 "192.168.2.0/24" has to access the Internet via WAN 2(ISP 2)

Example of the configuration:

Scenario for Intranet:

Only hosts in LAN "192.168.2.0/24" can reach LAN "192.168.10.0/24".
Only Router 192.168.1.33 knows where LAN "192.168.10.0/24" is.
Note: The Intranet policy route type is without SNAT.

Example of the configuration:

Scenario for VPN: (Nebula to Non-Nebula Peer VPN Policy Routes)
The host 192.168.37.33 wants to communicate to another host 192.168.2.33 which subnet does not use VPN on the remote site.

Example of the configuration:
Note: Policy Routes must be removed before changing, disabling VPN Topology or unregister NSG from that site.
Jason