Chapter 13 Policy and Static Routes
ZyWALL USG 50 User’s Guide
Table 76 Configuration > Network > Routing > Policy Route (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| DSCP Code | This is the DSCP value of incoming packets to which this policy route applies. any means all DSCP values or no DSCP marker. default means traffic with a DSCP value of 0. This is usually best effort traffic. The “af” entries stand for Assured Forwarding. The number following the “af” identifies one of four classes and one of three drop preferences. See Assured Forwarding (AF) PHB for DiffServ on page 293 for more details. |
| Service | This is the name of the service object. any means all services. |
| Next-Hop | This is the next hop to which packets are directed. It helps forward packets to their destinations and can be a router, VPN tunnel, outgoing interface or trunk. |
| DSCP Marking | This is how the ZyWALL handles the DSCP value of the outgoing packets that match this route. If this field displays a DSCP value, the ZyWALL applies that DSCP value to the route’s outgoing packets. preserve means the ZyWALL does not modify the DSCP value of the route’s outgoing packets. default means the ZyWALL sets the DSCP value of the route’s outgoing packets to 0. The “af” choices stand for Assured Forwarding. The number following the “af” identifies one of four classes and one of three drop preferences. See Assured Forwarding (AF) PHB for DiffServ on page 293 for more details. |
| SNAT | This is the source IP address that the route uses. It displays none if the ZyWALL does not perform NAT for this route. |
| BWM | This is the maximum bandwidth allotted to the policy. 0 means there is no bandwidth limitation for this route. |
| Apply | Click Apply to save your changes back to the ZyWALL. |
| Reset | Click Reset to return the screen to its last-saved settings. |
13.2.1 Policy Route Edit Screen

Click Configuration > Network > Routing to open the Policy Route screen. Then click the Add or Edit icon to open the Policy Route Edit screen. Use this screen to configure or edit a policy route.

Figure 176 Configuration > Network > Routing > Policy Route > Add

The following table describes the labels in this screen.
Table 77 Configuration > Network > Routing > Policy Route > Edit

| LABEL | DESCRIPTION |
| --- | --- |
| Create new Object | Use this to configure any new settings objects that you need to use in this screen. |
| Configuration | |
| Enable | Select this to activate the policy. |
| Description | Enter a descriptive name of up to 31 printable ASCII characters for the policy. |
| Criteria | |
| User | Select a user name or user group from which the packets are sent. |
| Incoming | Select where the packets are coming from: any, an interface, a tunnel, an SSL VPN, or the ZyWALL itself. For an interface, a tunnel, or an SSL VPN, you also need to select the individual interface, VPN tunnel, or SSL VPN connection. |
| Source Address | Select a source IP address object from which the packets are sent. |
| Destination Address | Select a destination IP address object to which the traffic is being sent. If the next hop is a dynamic VPN tunnel and you enable Auto Destination Address, the ZyWALL uses the local network of the peer router that initiated an incoming dynamic IPSec tunnel as the destination address of the policy instead of your configuration here. |
| DSCP Code | Select a DSCP code point value of incoming packets to which this policy route applies or select User Defined to specify another DSCP code point. The lower the number the higher the priority with the exception of 0 which is usually given only best-effort treatment. any means all DSCP values or no DSCP marker. default means traffic with a DSCP value of 0. This is usually best effort traffic. The “af” choices stand for Assured Forwarding. The number following the “af” identifies one of four classes and one of three drop preferences. See Assured Forwarding (AF) PHB for DiffServ on page 293 for more details. |
| User-Defined DSCP Code | Use this field to specify a custom DSCP code point. |
| Schedule | Select a schedule to control when the policy route is active. none means the route is active at all times if enabled. |
| Service | Select a service or service group to identify the type of traffic to which this policy route applies. |
| Next-Hop | |
| Type | Select Auto to have the ZyWALL use the routing table to find a next-hop and forward the matched packets automatically. Select Gateway to route the matched packets to the next-hop router or switch you specified in the Gateway field. You have to set up the next-hop router or switch as a HOST address object first. Select VPN Tunnel to route the matched packets via the specified VPN tunnel. Select Trunk to route the matched packets through the interfaces in the trunk group based on the load balancing algorithm. Select Interface to route the matched packets through the specified outgoing interface to a gateway (which is connected to the interface). |
| Gateway | This field displays when you select Gateway in the Type field. Select a HOST address object. The gateway is an immediate neighbor of your ZyWALL that will forward the packet to the destination. The gateway must be a router or switch on the same segment as your ZyWALL's interface(s). |
| VPN Tunnel | This field displays when you select VPN Tunnel in the Type field. Select a VPN tunnel through which the packets are sent to the remote network that is connected to the ZyWALL directly. |
| Auto Destination Address | This field displays when you select VPN Tunnel in the Type field. Select this to have the ZyWALL use the local network of the peer router that initiated an incoming dynamic IPSec tunnel as the destination address of the policy. Leave this cleared if you want to manually specify the destination address. |
| Trunk | This field displays when you select Trunk in the Type field. Select a trunk group to have the ZyWALL send the packets via the interfaces in the group. |
| Interface | This field displays when you select Interface in the Type field. Select an interface to have the ZyWALL send traffic that matches the policy route through the specified interface. |
| Auto-Disable | This field displays when you select Interface or Trunk in the Type field. Select this to have the ZyWALL automatically disable this policy route when the next hop’s connection is down. |
| DSCP Marking | |
| DSCP Marking | Set how the ZyWALL handles the DSCP value of the outgoing packets that match this route. Select one of the pre-defined DSCP values to apply or select User Defined to specify another DSCP value. The “af” choices stand for Assured Forwarding. The number following the “af” identifies one of four classes and one of three drop preferences. See Assured Forwarding (AF) PHB for DiffServ on page 293 for more details. Select preserve to have the ZyWALL keep the packets’ original DSCP value. Select default to have the ZyWALL set the DSCP value of the packets to 0. |
| User-Defined DSCP Code | Use this field to specify a custom DSCP value. |
| Address Translation | Use this section to configure NAT for the policy route. This section does not apply to policy routes that use a VPN tunnel as the next hop. |
| Source Network Address Translation | Select none to not use NAT for the route. Select outgoing-interface to use the IP address of the outgoing interface as the source IP address of the packets that match this route. If you select outgoing-interface, you can also configure port trigger settings for this interface. To use SNAT for a virtual interface that is in the same WAN trunk as the physical interface to which the virtual interface is bound, the virtual interface and physical interface must be in different subnets. Otherwise, select a pre-defined address (group) to use as the source IP address(es) of the packets that match this route. Use Create new Object if you need to configure a new address (group) to use as the source IP address(es) of the packets that match this route. |
| Port Triggering | Configure trigger port forwarding to allow computers on the LAN to dynamically take turns using a service that uses a dedicated range of ports on the client side and a dedicated range of ports on the server side. Note: You need to create a firewall rule to allow an incoming service before using a port triggering rule. |
| Add | Click this to create a new entry. Select an entry and click Add to create a new entry after the selected entry. |
| Edit | Select an entry and click this to be able to modify it. You can also just double-click an entry to be able to modify it. |
| Remove | Select an entry and click this to delete it. |
| Move | The ordering of your rules is important as they are applied in order of their numbering. To move an entry to a different number in the list, click the Move icon. In the field that appears, specify the number to which you want to move the entry. |
| # | This is the rule index number. |
| Incoming Service | Select the service that the client computer sends to a remote server. The incoming service should have the same service or protocol type as what you configured in the Service field. |
| Trigger Service | Select a service that a remote server sends. It causes (triggers) the ZyWALL to forward the traffic (received on the outgoing interface) to the client computer that requested the service. |
| Bandwidth Shaping | This allows you to allocate bandwidth to a route and prioritize traffic that matches the routing policy. You must also enable bandwidth management in the main policy route screen (Network > Routing > Policy Route) in order to apply bandwidth shaping. |
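
The DSCP Code criterion and DSCP Marking action described in the table, as an added example that is not part of the User's Guide and is not ZyWALL code. It uses the standard Assured Forwarding encoding from RFC 2597; the function names are hypothetical, and leaving the two ECN bits untouched when re-marking is an assumption, not documented ZyWALL behaviour.

```python
# Added illustration; function names are hypothetical, not ZyWALL code.
# AF encoding follows RFC 2597: DSCP bits are cccdd0 (class, drop preference).

def name_to_dscp(name):
    """Map 'default', 'afXY' or a user-defined number (0-63) to a 6-bit DSCP."""
    name = str(name).strip().lower()
    if name == "default":
        return 0
    if name.startswith("af"):
        digits = name[2:]
        if len(digits) == 2 and digits.isdigit():
            cls, drop = int(digits[0]), int(digits[1])
            if 1 <= cls <= 4 and 1 <= drop <= 3:  # four classes, three drop preferences
                return (cls << 3) | (drop << 1)
        raise ValueError(f"not an Assured Forwarding code point: {name}")
    value = int(name)  # user-defined code point
    if not 0 <= value <= 63:
        raise ValueError(f"DSCP must fit in six bits: {value}")
    return value

def dscp_from_tos(tos_byte):
    """DSCP is the upper six bits of the IPv4 TOS / IPv6 Traffic Class byte."""
    return (tos_byte & 0xFF) >> 2

def criterion_matches(criterion, tos_byte):
    """Evaluate a DSCP Code criterion ('any', 'default', 'afXY', number) for one packet."""
    if str(criterion).strip().lower() == "any":
        return True
    return name_to_dscp(criterion) == dscp_from_tos(tos_byte)

def apply_marking(marking, tos_byte):
    """Return the outgoing TOS byte for a DSCP Marking setting."""
    if str(marking).strip().lower() == "preserve":
        return tos_byte
    # Assumption: the two low-order ECN bits are left untouched when re-marking.
    return (name_to_dscp(marking) << 2) | (tos_byte & 0x03)

if __name__ == "__main__":
    # Constructed sample TOS bytes: af11, af11 with an ECN bit set, and DSCP 46.
    for tos in (0x28, 0x29, 0xB8):
        print(hex(tos), "dscp", dscp_from_tos(tos),
              "matches af11:", criterion_matches("af11", tos),
              "re-marked af41:", hex(apply_marking("af41", tos)))
```

Because preserve passes the sender's DSCP value through unchanged, re-marking to a fixed value is the setting that keeps a LAN host from choosing its own upstream priority.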
