uOS - Policy Based VPN with Policy Routes
Options
Zyxel_Claudia
Posts: 254 
Zyxel Employee
Zyxel Employee
Policy Based VPN with Dynamic Peers
This update enables Policy Routes to work with Dynamic Peer VPN tunnels. 
Routing Logic and Limitations
When a policy route uses a dynamic VPN tunnel as the next hop, a unique rule applies: the destination address in the policy route is ignored. Instead, the firewall automatically uses the remote site's subnets as the destination.
Benefits for Tunnel Conservation
This feature is highly effective for conserving IPSec tunnels. Instead of creating individual Phase 2 SAs for every possible subnet combination between a hub and multiple spokes, administrators can create a single broad tunnel and use policy routes to direct specific traffic. This reduces the total number of active SAs, saving system resources on the hub firewall.
0
Categories
- All Categories
- 442 Beta Program
- 2.9K Nebula
- 219 Nebula Ideas
- 127 Nebula Status and Incidents
- 6.5K Security
- 588 USG FLEX H Series
- 344 Security Ideas
- 1.7K Switch
- 84 Switch Ideas
- 1.4K Wireless
- 52 Wireless Ideas
- 7K Consumer Product
- 298 Service & License
- 477 News and Release
- 91 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.8K FAQ
- 34 Documents
- 87 About Community
- 105 Security Highlight