more Policy Route

mslagmolen
mslagmolen Posts: 5  Freshman Member
First Comment Friend Collector
edited April 2021 in Nebula
Currently we can only configure 20 Policy Routes.
i would like to add more than 20 policies.

Comments

  • Zyxel_Chris
    Zyxel_Chris Posts: 709  Zyxel Employee
    Zyxel Certified Network Administrator - WLAN Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate 50 Answers
    edited January 2019
    Could you please share the detail information about your application, we can learn more and fulfill your request. =)

    /Chris

  • mslagmolen
    mslagmolen Posts: 5  Freshman Member
    First Comment Friend Collector
    Hi Chris,

    i've uploaded a screenshot of the policy routes.
    We need more than 20 policies in this segment.
  • Zyxel_Chris
    Zyxel_Chris Posts: 709  Zyxel Employee
    Zyxel Certified Network Administrator - WLAN Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate 50 Answers
    Hello @mslagmolen
    Thanks for your information, I noticed that you have specify the source port but in normal case the client usually use the random port as the source to connect with server, is there any special needed in your application?
    BTW, just remind we still support CIDR in policy route, for instance if there are 2 subnet 172.16.192.0/24 and 172.16.193.0/24 you can sort it to 172.16.192.0/23 in this case it can help to use 1 rule include 2 subnet, hope it can help before the enhancement.

    /Chris
  • mslagmolen
    mslagmolen Posts: 5  Freshman Member
    First Comment Friend Collector
    Hi @Nebula_Chris

    The problem is that we have different client devices that need different access to the network.
    So we've got several RDP ports we need to open and other specific port to specific IP adresses.

    If i look at the normal USG units we can create allot of port-forwardings, open port and port redirections but i miss these kind of basic settings or are the NSG units created for small offices up to 5 clients? because 20 policies aren't allot to be honest.
  • Zyxel_Chris
    Zyxel_Chris Posts: 709  Zyxel Employee
    Zyxel Certified Network Administrator - WLAN Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate 50 Answers
    Hi @mslagmolen
    I assume you have the RDP servers which located NSG LAN site and client will access via the internet, if it is the case you actually don't need the policy route just simply set the virtual server at Gateway>Firewall>NAT.

    Hope this is what you want, let me know if any needed.

    /Chris
  • mslagmolen
    mslagmolen Posts: 5  Freshman Member
    First Comment Friend Collector
    Hi @Nebula_Chris

    That does work but we cannot define UDP or TCP with the virtual server.
    And we can with the Policy route but 20 policies isn't enough :(

    Most Firewall give you the option to define all rules like you would like to, as does the new ATP firewall. But the NSG firewall is quite basic in terms of firewall policies and options you have.

    I would like to see a more advanced setting menu for firewall policies and or rules.
  • Zyxel_Chris
    Zyxel_Chris Posts: 709  Zyxel Employee
    Zyxel Certified Network Administrator - WLAN Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate 50 Answers
    Hello @mslagmolen
    Thanks for your feedback, understand what your require, the concept of NSG series is plug and play for the beginner, hence it still have the place to enhance and we have did it on every release patch. 
    We'll evaluate it, so stay tuned. =)

    /Chris
  • Nebula_Bayardo
    Nebula_Bayardo Posts: 179  Zyxel Employee
    5 Answers First Comment Friend Collector Seventh Anniversary
    Hi @mslagmolen
    We already have the request to add protocol settings (TCP/UDP) in the virtual server rules and we will implement it this year possibly.
    Once having this released, would you still need to set more policy routes? 
    Seems your need can be achieved only using virtual server and no need to create multiple policy route rules :smiley:

    Let us know your thoughts! Thanks :)
  • Nebula_Bayardo
    Nebula_Bayardo Posts: 179  Zyxel Employee
    5 Answers First Comment Friend Collector Seventh Anniversary

    Hey @mslagmolen

    The option to support TCP/UDP selection in virtual server rules is now available on the new Nebula interface. Feel free to try it out! ?

  • Nebula_Bayardo
    Nebula_Bayardo Posts: 179  Zyxel Employee
    5 Answers First Comment Friend Collector Seventh Anniversary

    Hey @mslagmolen

    Forgot to update you here but I guess you already know :)

    The policy route entries is now supported according to the NSG device model:

    NSG50:50

    NSG100:100

    NSG200:200

    NSG300:300

    Hope this are great news for you ?

Nebula Tips & Tricks