ZyXEL Communications 200 Series User Manual page 282

Chapter 12 Policy and Static Routes
Table 90 Network > Routing > Policy Route > Edit (continued)
LABEL
Schedule
Service
Next-Hop
Type
Gateway
VPN Tunnel
Auto
Destination
Address
Trunk
Interface
Address
Translation
Source Network
Address
Translation
Port Triggering
#
282
DESCRIPTION
Select a schedule or select Create Object to configure a new one (see
on page 619 for details). none means the route is active at all times if enabled.
Select a service or service group from the drop-down list box. Select Create
Object to add a new service. See
information.
Select Auto to have the ZyWALL use the routing table to find a next-hop and
forward the matched packets automatically.
Select Gateway to route the matched packets to the next-hop router or switch you
specified in the Gateway field. You have to set up the next-hop router or switch as
a HOST address object first.
Select VPN Tunnel to route the matched packets via the specified VPN tunnel.
Select Trunk to route the matched packets through the interfaces in the trunk
group based on the load balancing algorithm.
Select Interface to route the matched packets through the specified outgoing
interface to a gateway (which is connected to the interface).
This field displays when you select Gateway in the Type field. Select a HOST
address object. The gateway is an immediate neighbor of your ZyWALL that will
forward the packet to the destination. The gateway must be a router or switch on
the same segment as your ZyWALL's interface(s).
This field displays when you select VPN Tunnel in the Type field. Select a VPN
tunnel through which the packets are sent to the remote network that is connected
to the ZyWALL directly.
This field displays when you select VPN Tunnel in the Type field. Select this to
have the ZyWALL use the local network of the peer router that initiated an
incoming dynamic IPSec tunnel as the destination address of the policy.
Leave this cleared if you want to manually specify the destination address.
This field displays when you select Trunk in the Type field. Select a trunk group to
have the ZyWALL send the packets via the interfaces in the group.
This field displays when you select Interface in the Type field. Select an interface
to have the ZyWALL send traffic that matches the policy route through the
specified interface.
Use this section to configure NAT for the policy route. This section does not apply
to policy routes that use a VPN tunnel as the next hop.
Select none to not use NAT for the route.
Select outgoing-interface to use the IP address of the outgoing interface as the
source IP address of the packets that matches this route. If you select outgoing-
interface, you can also configure port trigger settings for this interface.
Otherwise, select a pre-defined address (group) to use as the source IP
address(es) of the packets that match this route.
Select Create Object to configure a new address (group) to use as the source IP
address(es) of the packets that match this route.
Configure trigger port forwarding to allow computers on the LAN to dynamically
take turns using a service that uses a dedicated range of ports on the client side
and a dedicated range of ports on the server side.
Note: You need to create a firewall rule to allow an incoming service
before using a port triggering rule.
This is the rule index number.
Section 37.2.1 on page 615
ZyWALL USG 100/200 Series User's Guide
Chapter 38
for more