ZyXEL Communications 1000 Manuel D’Utilisation

Chapter 6 Configuration Basics

ZyWALL USG 1000 User’s Guide

Example: You have an FTP server connected to ge4 (in the DMZ zone). You want 
to limit the amount of FTP traffic that goes out from the FTP server through your 
WAN connection. 

Create an address object for the FTP server (Object > Address). 

Click Configuration > Network > Routing > Policy Route to go to the policy 
route configuration screen. Add a policy route.

Name the policy route.

Select the interface that the traffic comes in through (ge4 in this example). 

Select the FTP server’s address as the source address.

You don’t need to specify the destination address or the schedule. 

For the service, select FTP.

For the Next Hop fields, select Interface as the Type if you have a single WAN 
connection or Trunk if you have multiple WAN connections.

Select the interface that you are using for your WAN connection (ge2 and ge3 are 
the default WAN interfaces). If you have multiple WAN connections, select the 
trunk. 

Specify the amount of bandwidth FTP traffic can use. You may also want to set a 

low priority for FTP traffic.

Note: The ZyWALL checks the policy routes in the order that they are listed. So make 

sure that your custom policy route comes before any other routes that would 
also match the FTP traffic.

Use static routes to tell the ZyWALL about networks not directly connected to the 
ZyWALL. 

Criteria: users, user groups, interfaces (incoming), IPSec VPN 
(incoming), addresses (source, destination), address groups (source, 
destination), schedules, services, service groups

Next-hop: addresses (HOST gateway), IPSec VPN, SSL VPN, trunks, 
interfaces

NAT: addresses (translated address), services and service groups 
(port triggering)