USG110 - Fixed Zone Allocation to WAN Ports possible?

USG_User
We have a small point that is unclear. A few days ago we got a second internet connection, which means both WAN ports are now occupied, and each connection has its own fixed IP address.
Now we have different options to arrange BWM between the two, called "spillover", "weighted round robin" or "least load first". But this is not what we intend to arrange. We would like to allocate different internal zones, like LAN1 and LAN2, to WAN1, while other zones, like DMZ, should be allocated to WAN2. There should not be any kind of redundancy between the two WANs. In case one WAN is malfunctioning, the connected internal USG zones have no internet access.
But we can't find any options to arrange this behaviour. Is that even possible?

All Replies

  • PeterUK

    You can force zones to use a given WAN with a routing rule from a given incoming interface to a next hop.


  • USG_User
    Thanks Peter. We always shy away from creating permanent routing rules. But maybe we should give it a try.
    In that case, do we have to use ROUTING > POLICY ROUTE with the option "IPv4 Policy Routes to overwrite Direct Route" enabled?
  • Zyxel_Can
    Hi @USG_User,

    Please add the following rules to Policy Route.
    (Configuration > Network > Routing > Policy Route)


  • USG_User
    Thanks Can,
    We've got different Security Policies in place to control not only the outgoing traffic to the internet, but also the traffic between different USG interfaces, for example from LAN2 to LAN1. If we set the "next hop" for LAN1/LAN2 to WAN1, is any traffic between LAN1 and LAN2 then prevented because it will be routed to WAN1 in any case?
    Or will the "next hop" only be applied for "internet" packets which are not identified as "local traffic" (private IPs of different USG zones)?
  • Zyxel_Can

    Hi @USG_User,

    You can check the Routing Flow:

    (Maintenance > Packet Flow Explore > Routing Status)

    If in your flow Direct Route comes before Policy Route, your LAN1-LAN2 traffic still works.

    If it's not, please make sure the "Use IPv4 Policy Route to Overwrite Direct Route" checkbox is not checked.

    (Configuration > Network > Routing > Policy Route > Advance)
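
A simplified model of the lookup order discussed in this thread, added here as an illustration and not taken from any post or from Zyxel. The subnets, interface names and function names are constructed assumptions; it shows why inter-zone traffic stays local when Direct Route is evaluated before Policy Route, and which flows would be handed to a WAN port otherwise.

```python
import ipaddress

# Constructed sample addressing; the thread gives no subnets.
DIRECT = {"lan1": "192.168.1.0/24", "lan2": "192.168.2.0/24", "dmz": "192.168.3.0/24"}
# Policy routes as described in the thread: incoming interface -> next hop, any destination.
POLICY = {"lan1": "wan1", "lan2": "wan1", "dmz": "wan2"}


def direct_route(dst):
    """Return the directly connected interface that owns dst, or None."""
    addr = ipaddress.ip_address(dst)
    for iface, net in DIRECT.items():
        if addr in ipaddress.ip_network(net):
            return iface
    return None


def egress(in_iface, dst, policy_overwrites_direct=False):
    """Pick the egress interface for a packet that entered on in_iface."""
    stages = [lambda: direct_route(dst), lambda: POLICY.get(in_iface)]
    if policy_overwrites_direct:
        stages.reverse()  # policy routes are consulted before direct routes
    for stage in stages:
        out = stage()
        if out is not None:
            return out
    return None  # no matching route in this model


def audit(policy_overwrites_direct):
    """List inter-zone flows that would leave via a WAN port, not the local interface."""
    misrouted = []
    for src in DIRECT:
        for dst_iface, net in DIRECT.items():
            if src == dst_iface:
                continue
            host = str(next(ipaddress.ip_network(net).hosts()))
            out = egress(src, host, policy_overwrites_direct)
            if out != dst_iface:
                misrouted.append((src, host, out))
    return misrouted


if __name__ == "__main__":
    for flag in (False, True):
        print("overwrite direct route:", flag, "->", audit(flag) or "inter-zone traffic stays local")
```
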


