ZyXEL Communications ZyWall USG 2000 User Manual page 108

Chapter 6 Configuration Basics
and general NAT on the source address. You have to set up the criteria, next-hops,
and NAT settings first.
MENU ITEM(S)
PREREQUISITES
Example: You have an FTP server connected to ge4 (in the DMZ zone). You want
to limit the amount of FTP traffic that goes out from the FTP server through your
WAN connection.
Create an address object for the FTP server (Object > Address).
1
Click Configuration > Network > Routing > Policy Route to go to the policy
2
route configuration screen. Add a policy route.
Name the policy route.
3
Select the interface that the traffic comes in through (ge4 in this example).
4
Select the FTP server's address as the source address.
5
You don't need to specify the destination address or the schedule.
6
For the service, select FTP.
7
For the Next Hop fields, select Interface as the Type if you have a single WAN
8
connection or Trunk if you have multiple WAN connections.
Select the interface that you are using for your WAN connection (ge2 and ge3 are
9
the default WAN interfaces). If you have multiple WAN connections, select the
trunk.
10 Specify the amount of bandwidth FTP traffic can use. You may also want to set a
low priority for FTP traffic.
Note: The ZyWALL checks the policy routes in the order that they are listed. So make
sure that your custom policy route comes before any other routes that would
also match the FTP traffic.
108
Configuration > Network > Routing > Policy Route
Criteria: users, user groups, interfaces (incoming), IPSec VPN
(incoming), addresses (source, destination), address groups (source,
destination), schedules, services, service groups
Next-hop: addresses (HOST gateway), IPSec VPN, SSL VPN, trunks,
interfaces
NAT: addresses (translated address), services and service groups
(port triggering)
ZyWALL USG 2000 User's Guide