How to use a dedicated WAN interface to access a specific IP address by Policy Route?
Scenario :
If a user has dual WAN settings with TRUNK, when the LAN client tries to access a specific IP address but fails due to not trusting one of the WAN IP addresses from the firewall, how can this be resolved?
For example, the ATP500 has dual WAN (ge2 IP 10.214.48.42 for WAN1 and ge3 IP 10.214.48.52 for WAN2), and the destination IP 10.214.48.66 only allows access from the IP 10.214.48.42. However, ATP500's TRUNK setting would route the outgoing traffic's source IP to WAN2's IP, not WAN1's IP, which would prevent the connection from being established normally.
ATP500's WAN setting :
ATP500's TRUNK setting :
Answer :
Navigate to Configuration > Object > Address > to add an address object for the destination IP 10.214.48.66.
Navigate to Configuration > Network > Routing > to add a policy route to define the lan1 subnet client can access 10.214.48.66 through ge2(10.214.48.42) WAN1 interface.
The Policy Route has been completed.
Please make sure that the security policy allows LAN1 to access the destination 10.214.48.66.
Categories
- All Categories
- 395 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 81 Nebula Status and Incidents
- 5.1K Security
- 82 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 914 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 210 Service & License
- 337 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 2K FAQ
- 912 Nebula FAQ
- 415 Security FAQ
- 237 Switch FAQ
- 207 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 139 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 62 Security Highlight