uOS – Packet Flow Explorer

Zyxel_Claudia
Zyxel_Claudia Posts: 126  Zyxel Employee

1. What is Packet Flow Explorer?

The Packet Flow Explorer is a powerful troubleshooting tool in uOS firewalls that helps administrators analyze how traffic is processed. It shows how the firewall makes decisions based on routing, NAT, and policy rules.

This tool is essential when multiple firewall rules overlap or conflict, because it shows which rule takes priority and why.

2. Packet Processing Order

The firewall evaluates traffic against a hierarchy of rule types to determine which rule applies. The Packet Flow Explorer visualizes this hierarchy in two main sections:

  • Routing Flow (Decides where the traffic goes)
  • SNAT Flow (Decides how NAT is applied)

Routing Flow Hierarchy

When a packet enters the firewall, the firewall checks routing rules in this order:

  • VPN Routes (Policy-Based VPN and Remote Access VPN)
  • Direct Routes (From WAN, LAN, VLAN, Bridge, VTI Interfaces)
  • Policy Routes (Manually configured priority routes)
  • Static Routes (Manually set static paths)
  • Nebula VPN Routes (Routes created by Nebula VPN)
  • Source NAT (SNAT) Rules (Rules that translate IP addresses)
  • Default WAN Trunk (Load-balancing or failover WAN settings)
  • Main Route (Fallback routing, if no other rule applies)

SNAT Flow Hierarchy

Once the firewall determines where the traffic goes, it applies NAT rules (if enabled). The SNAT flow processes traffic in this order:

  • VPN SNAT (NAT rules inside Policy-Based VPN)
  • Policy Route SNAT (NAT rules inside Policy Routing)
  • 1-to-1 NAT (Static NAT rules)
  • Loopback NAT (For accessing internal servers via public IP)
  • Default SNAT (Applied on WAN interfaces for outbound Internet traffic)
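
The following is an added example, not Zyxel code and not output from the tool: a simplified Python model of the two hierarchies above that reports the winning rule and the lower-priority rules it shadows, which is the overlap case worth auditing. It assumes the first tier with a matching rule wins and that rules match on source and destination CIDR only; the rule names and addresses are constructed.

```python
import ipaddress

# Tier names and order as listed on the page.
ROUTING_ORDER = ["VPN Routes", "Direct Routes", "Policy Routes", "Static Routes",
                 "Nebula VPN Routes", "Source NAT (SNAT) Rules",
                 "Default WAN Trunk", "Main Route"]
SNAT_ORDER = ["VPN SNAT", "Policy Route SNAT", "1-to-1 NAT", "Loopback NAT",
              "Default SNAT"]

def matches(rule, src, dst):
    """Assumed match criteria: source and destination both inside the rule's CIDRs."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return s in ipaddress.ip_network(rule["src"]) and d in ipaddress.ip_network(rule["dst"])

def evaluate(order, rules, src, dst):
    """Walk tiers in hierarchy order; return (winning rule, shadowed rules)."""
    hits = [r for tier in order for r in rules
            if r["tier"] == tier and matches(r, src, dst)]
    return (hits[0], hits[1:]) if hits else (None, [])

# Constructed sample configuration (hypothetical names and addresses).
RULES = [
    {"name": "static-to-dc", "tier": "Static Routes", "src": "0.0.0.0/0", "dst": "10.20.0.0/16"},
    {"name": "pr-guest-wan2", "tier": "Policy Routes", "src": "192.168.50.0/24", "dst": "0.0.0.0/0"},
    {"name": "s2s-branch", "tier": "VPN Routes", "src": "192.168.1.0/24", "dst": "10.20.30.0/24"},
    {"name": "main", "tier": "Main Route", "src": "0.0.0.0/0", "dst": "0.0.0.0/0"},
]
SNAT_RULES = [
    {"name": "default-snat", "tier": "Default SNAT", "src": "0.0.0.0/0", "dst": "0.0.0.0/0"},
    {"name": "pr-guest-snat", "tier": "Policy Route SNAT", "src": "192.168.50.0/24", "dst": "0.0.0.0/0"},
]

if __name__ == "__main__":
    for src, dst in [("192.168.1.10", "10.20.30.5"), ("192.168.50.7", "10.20.1.1")]:
        route, shadowed = evaluate(ROUTING_ORDER, RULES, src, dst)
        nat, _ = evaluate(SNAT_ORDER, SNAT_RULES, src, dst)
        print(f"{src} -> {dst}: route={route['name']} ({route['tier']}), "
              f"shadowed={[r['name'] for r in shadowed]}, snat={nat['name']}")
```

In the second sample flow, the guest subnet's policy route wins over the static route to 10.20.0.0/16, the kind of precedence result the Packet Flow Explorer is meant to surface.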