What You Need To Know - ZyXEL Communications ZyWall 110 User Manual
Security firewalls
Hide thumbs
Also See for ZyWall 110:
- User manual (1090 pages) ,
- Handbook (749 pages) ,
- Handbook & instructions (255 pages)
Table of Contents
Advertisement
10.1.2 What You Need to Know
Policy Routing
Traditionally, routing is based on the destination address only and the ZyWALL/USG takes the
shortest path to forward a packet. IP Policy Routing (IPPR) provides a mechanism to override the
default routing behavior and alter the packet forwarding based on the policy defined by the network
administrator. Policy-based routing is applied to incoming packets on a per interface basis, prior to
the normal routing.
How You Can Use Policy Routing
• Source-Based Routing – Network administrators can use policy-based routing to direct traffic
from different users through different connections.
• Bandwidth Shaping – You can allocate bandwidth to traffic that matches routing policies and
prioritize traffic (however the application patrol's bandwidth management is more flexible and
recommended for TCP and UDP traffic). You can also use policy routes to manage other types of
traffic (like ICMP traffic) and send traffic through VPN tunnels.
Note: Bandwidth management in policy routes has priority over application patrol
bandwidth management.
• Cost Savings – IPPR allows organizations to distribute interactive traffic on high-bandwidth, high-
cost paths while using low-cost paths for batch traffic.
• Load Sharing – Network administrators can use IPPR to distribute traffic among multiple paths.
• NAT - The ZyWALL/USG performs NAT by default for traffic going to or from the WAN interfaces.
A routing policy's SNAT allows network administrators to have traffic received on a specified
interface use a specified IP address as the source IP address.
Note: The ZyWALL/USG automatically uses SNAT for traffic it routes from internal
interfaces to external interfaces. For example LAN to WAN traffic.
Static Routes
The ZyWALL/USG usually uses the default gateway to route outbound traffic from computers on the
LAN to the Internet. To have the ZyWALL/USG send data to devices not reachable through the
default gateway, use static routes. Configure static routes if you need to use RIP or OSPF to
propagate the routing information to other routers. See
and OSPF.
Policy Routes Versus Static Routes
• Policy routes are more flexible than static routes. You can select more criteria for the traffic to
match and can also use schedules, NAT, and bandwidth management.
• Policy routes are only used within the ZyWALL/USG itself. Static routes can be propagated to
other routers using RIP or OSPF.
• Policy routes take priority over static routes. If you need to use a routing policy on the ZyWALL/
USG and propagate it to other routers, you could configure a policy route and an equivalent static
route.
Chapter 10 Routing
ZyWALL/USG Series User's Guide
264
Chapter 10 on page 275
for more on RIP
- Quick Links:
- Web Configurator
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
