See how you've made an impact in Zyxel Community this year!
https://bit.ly/Your2024Moments_Community
[Nebula] How to configure Policy Route on NSG?
Zyxel_Jason
Posts: 411 
Zyxel Employee
Zyxel Employee
Policy Route is a features that could make traffic forward to the desired destination like LAN, WAN or even VPN tunnel.
Mechanism of this feature:
1. Maximum of 20 policy Routes per site.
2. Three types of Policy Route:
(1)Internet
(2)Intranet
(3)VPN
3. Routing Hierarchy: Direct Routes > Policy Routes > Static Routes
4. Policy Route order can be rearranged.
Where to configure:
You may find it on Configure > Security gateway > Policy Route to configure.
Example screenshot for Policy Route:
Scenario and Example for three types of Policy Route:
Scenario for Internet:
LAN "192.168.1.0/24" has to access the Internet via WAN 1(ISP 1)
LAN2 "192.168.2.0/24" has to access the Internet via WAN 2(ISP 2)
Example of the configuration:
Scenario for Intranet:
Only hosts in LAN "192.168.2.0/24" can reach LAN "192.168.10.0/24".
Only Router 192.168.1.33 knows where LAN "192.168.10.0/24" is.
Note: The Intranet policy route type is without SNAT.
Example of the configuration:
Scenario for VPN: (Nebula to Non-Nebula Peer VPN Policy Routes)
The host 192.168.37.33 wants to communicate to another host 192.168.2.33 which subnet does not use VPN on the remote site.
Example of the configuration:
Note: Policy Routes must be removed before changing, disabling VPN Topology or unregister NSG from that site.
Mechanism of this feature:
1. Maximum of 20 policy Routes per site.
2. Three types of Policy Route:
(1)Internet
(2)Intranet
(3)VPN
3. Routing Hierarchy: Direct Routes > Policy Routes > Static Routes
4. Policy Route order can be rearranged.
Where to configure:
You may find it on Configure > Security gateway > Policy Route to configure.
Example screenshot for Policy Route:
Scenario and Example for three types of Policy Route:
Scenario for Internet:
LAN "192.168.1.0/24" has to access the Internet via WAN 1(ISP 1)
LAN2 "192.168.2.0/24" has to access the Internet via WAN 2(ISP 2)
Example of the configuration:
Scenario for Intranet:
Only hosts in LAN "192.168.2.0/24" can reach LAN "192.168.10.0/24".
Only Router 192.168.1.33 knows where LAN "192.168.10.0/24" is.
Note: The Intranet policy route type is without SNAT.
Example of the configuration:
Scenario for VPN: (Nebula to Non-Nebula Peer VPN Policy Routes)
The host 192.168.37.33 wants to communicate to another host 192.168.2.33 which subnet does not use VPN on the remote site.
Example of the configuration:
Note: Policy Routes must be removed before changing, disabling VPN Topology or unregister NSG from that site.
Jason
See how you've made an impact in Zyxel Community this year!
https://bit.ly/Your2024Moments_Community
See how you've made an impact in Zyxel Community this year!
https://bit.ly/Your2024Moments_Community
Tagged:
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 146 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight