Jason
[Nebula] How to configure Policy Route on NSG?
Zyxel_Jason
Posts: 394 Master Member
Policy Route is a features that could make traffic forward to the desired destination like LAN, WAN or even VPN tunnel.
Mechanism of this feature:
1. Maximum of 20 policy Routes per site.
2. Three types of Policy Route:
(1)Internet
(2)Intranet
(3)VPN
3. Routing Hierarchy: Direct Routes > Policy Routes > Static Routes
4. Policy Route order can be rearranged.
Where to configure:
You may find it on Configure > Security gateway > Policy Route to configure.
Example screenshot for Policy Route:
Scenario and Example for three types of Policy Route:
Scenario for Internet:
LAN "192.168.1.0/24" has to access the Internet via WAN 1(ISP 1)
LAN2 "192.168.2.0/24" has to access the Internet via WAN 2(ISP 2)
Example of the configuration:
Scenario for Intranet:
Only hosts in LAN "192.168.2.0/24" can reach LAN "192.168.10.0/24".
Only Router 192.168.1.33 knows where LAN "192.168.10.0/24" is.
Note: The Intranet policy route type is without SNAT.
Example of the configuration:
Scenario for VPN: (Nebula to Non-Nebula Peer VPN Policy Routes)
The host 192.168.37.33 wants to communicate to another host 192.168.2.33 which subnet does not use VPN on the remote site.
Example of the configuration:
Note: Policy Routes must be removed before changing, disabling VPN Topology or unregister NSG from that site.
Mechanism of this feature:
1. Maximum of 20 policy Routes per site.
2. Three types of Policy Route:
(1)Internet
(2)Intranet
(3)VPN
3. Routing Hierarchy: Direct Routes > Policy Routes > Static Routes
4. Policy Route order can be rearranged.
Where to configure:
You may find it on Configure > Security gateway > Policy Route to configure.
Example screenshot for Policy Route:
Scenario and Example for three types of Policy Route:
Scenario for Internet:
LAN "192.168.1.0/24" has to access the Internet via WAN 1(ISP 1)
LAN2 "192.168.2.0/24" has to access the Internet via WAN 2(ISP 2)
Example of the configuration:
Scenario for Intranet:
Only hosts in LAN "192.168.2.0/24" can reach LAN "192.168.10.0/24".
Only Router 192.168.1.33 knows where LAN "192.168.10.0/24" is.
Note: The Intranet policy route type is without SNAT.
Example of the configuration:
Scenario for VPN: (Nebula to Non-Nebula Peer VPN Policy Routes)
The host 192.168.37.33 wants to communicate to another host 192.168.2.33 which subnet does not use VPN on the remote site.
Example of the configuration:
Note: Policy Routes must be removed before changing, disabling VPN Topology or unregister NSG from that site.
Tagged:
0
Categories
- All Categories
- 347 Beta Program
- 2.1K Nebula
- 115 Nebula Ideas
- 77 Nebula Status and Incidents
- 5K Security
- 44 USG FLEX H Series
- 246 Security Ideas
- 1.2K Switch
- 64 Switch Ideas
- 900 WirelessLAN
- 33 WLAN Ideas
- 5.8K Consumer Product
- 204 Service & License
- 326 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.8K FAQ
- 832 Nebula FAQ
- 402 Security FAQ
- 219 Switch FAQ
- 190 WirelessLAN FAQ
- 45 Consumer Product FAQ
- 136 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 71 About Community
- 61 Security Highlight