Multiple providers

WhoYouNow
WhoYouNow Posts: 10  Freshman Member
First Comment First Anniversary
edited July 23 in Nebula

Good day! Thank you for your answers to the previous questions.
Now I have encountered the fact that having several providers, I have micro switches between them, which lead to a break in communication.
Tell me, where can I correctly configure the broadcast of a certain LAN zone to the provider I need?
Now each provider is in my own WAN zone
Now each local network is in my own LAN zone
Example:

image.png


image.png image.png

Accepted Solution

  • Zyxel_Tina
    Zyxel_Tina Posts: 175  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Switch 50 Answers First Comment
    Answer ✓

    Hi @WhoYouNow,

    Based on your description, it seems that you want to specify which LAN zone sends traffic via a specific WAN interface. You mentioned that you’ve already tried to configure a security policy, but that method did not affect how traffic is routed, because security policies are used to allow or block traffic after the routing decision has already been made.

    To route traffic from a specific LAN to a specific WAN interface, you need to use a policy route instead.

    Here’s an example based on your scenario to configure the policy route:

    • LAN zone: WORK_LAN (192.168.88.1)
    • WAN zone: TEST_WAN (101.10.0.200)
    • Goal: All traffic from WORK_LAN should go out via TEST_WAN

    Configuration steps:

    1. Go to Configuration > Network > Routing > Policy Route
    2. Click Add
    3. Fill in the rule as follows:
      • Incoming Interface: Interface (select LAN as member)
      • Source IP: WORK_LAN (Specify the LAN zone)
      • Destination IP: any
      • Next-Hop Type: Interface
      • Interface: TEST_WAN
      • SNAT: Outgoing Interface
    4. Apply the rule

    Note: Ensure the order of your policy routes is correct, as the firewall processes rules from top to bottom.

    For detailed instructions, please refer to this

    https://community.zyxel.com/en/discussion/27679/how-to-route-traffic-from-one-lan-to-the-internet-via-a-specific-wan

    .

    If you encounter any problems, please provide your network topology, as well as the model name and firmware version of the device you're trying to configure. This information will help us assist you more accurately.

    Zyxel Tina

All Replies

  • WhoYouNow
    WhoYouNow Posts: 10  Freshman Member
    First Comment First Anniversary

    And I have a security policy that didn't work

    image.png
  • Zyxel_Tina
    Zyxel_Tina Posts: 175  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Switch 50 Answers First Comment
    Answer ✓

    Hi @WhoYouNow,

    Based on your description, it seems that you want to specify which LAN zone sends traffic via a specific WAN interface. You mentioned that you’ve already tried to configure a security policy, but that method did not affect how traffic is routed, because security policies are used to allow or block traffic after the routing decision has already been made.

    To route traffic from a specific LAN to a specific WAN interface, you need to use a policy route instead.

    Here’s an example based on your scenario to configure the policy route:

    • LAN zone: WORK_LAN (192.168.88.1)
    • WAN zone: TEST_WAN (101.10.0.200)
    • Goal: All traffic from WORK_LAN should go out via TEST_WAN

    Configuration steps:

    1. Go to Configuration > Network > Routing > Policy Route
    2. Click Add
    3. Fill in the rule as follows:
      • Incoming Interface: Interface (select LAN as member)
      • Source IP: WORK_LAN (Specify the LAN zone)
      • Destination IP: any
      • Next-Hop Type: Interface
      • Interface: TEST_WAN
      • SNAT: Outgoing Interface
    4. Apply the rule

    Note: Ensure the order of your policy routes is correct, as the firewall processes rules from top to bottom.

    For detailed instructions, please refer to this

    https://community.zyxel.com/en/discussion/27679/how-to-route-traffic-from-one-lan-to-the-internet-via-a-specific-wan

    .

    If you encounter any problems, please provide your network topology, as well as the model name and firmware version of the device you're trying to configure. This information will help us assist you more accurately.

    Zyxel Tina

  • WhoYouNow
    WhoYouNow Posts: 10  Freshman Member
    First Comment First Anniversary

    Thanks for the answer! I will definitely try your setup. But now I heve another problem:
    after transferring FLEX to another site, it loaded the local configuration file, it's OK
    But Nebula interface it was lit by default. I tried the override option but nothing changed, maybe there is a long waiting time for this?

  • Zyxel_Tina
    Zyxel_Tina Posts: 175  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Switch 50 Answers First Comment

    Hi @WhoYouNow,

    It may take some time for configuration changes or device status updates to be reflected. If you continue to experience issues, please provide your organization name and grant Zyxel support access to your organization and device administrator by navigating to User & Authentication > User/Group > Local Administrator and adding an admin profile via the GUI. This will allow us to further investigate the problem.

    image.png

    Zyxel Tina

Categories

Nebula Tips & Tricks


    Read more

    Nebula Help Center

    EnglishTiếng ViệtРусскийไทย中文(台灣)