[Nebula] How to configure Policy Route on NSG?

Nebula_Jason
Nebula_Jason Posts: 267  Zyxel Employee
Policy Route is a features that could make traffic forward to the desired destination like LAN, WAN or even VPN tunnel.


Mechanism of this feature:
1. Maximum of 20 policy Routes per site.
2. Three types of Policy Route:
    (1)Internet
    (2)Intranet
    (3)VPN
3. Routing Hierarchy: Direct Routes > Policy Routes > Static Routes
4. Policy Route order can be rearranged.

Where to configure:
You may find it on "Security gateway > Configure > Policy Route" to configure.
Example screenshot for Policy Route:


Scenario and Example for three types of Policy Route:
Scenario for Internet:
LAN "192.168.1.0/24" has to access the Internet via WAN 1(ISP 1)
LAN2 "192.168.2.0/24" has to access the Internet via WAN 2(ISP 2)

Example of the configuration:


Scenario for Intranet:

Only hosts in LAN "192.168.2.0/24" can reach LAN "192.168.10.0/24".
Only Router 192.168.1.33 knows where LAN "192.168.10.0/24" is.
Note: The Intranet policy route type is without SNAT.

Example of the configuration:


Scenario for VPN: (Nebula to Non-Nebula Peer VPN Policy Routes)
The host 192.168.37.33 wants to communicate to another host 192.168.2.33 which subnet does not use VPN on the remote site.

Example of the configuration:

Note: Policy Routes must be removed before changing, disabling VPN Topology or unregister NSG from that site.
Jason
Sign In to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click on this button!