ZyXEL Communications unified security gateway User Manual
Chapter 13 Policy and Static Routes
ZyWALL USG 20/20W User’s Guide
298
• Use the Static Route screens (see
) to list and
configure static routes.
13.1.2 What You Need to Know
Policy Routing
Traditionally, routing is based on the destination address only and the ZyWALL
takes the shortest path to forward a packet. IP Policy Routing (IPPR) provides a
mechanism to override the default routing behavior and alter the packet
forwarding based on the policy defined by the network administrator. Policy-based
routing is applied to incoming packets on a per interface basis, prior to the normal
routing.
takes the shortest path to forward a packet. IP Policy Routing (IPPR) provides a
mechanism to override the default routing behavior and alter the packet
forwarding based on the policy defined by the network administrator. Policy-based
routing is applied to incoming packets on a per interface basis, prior to the normal
routing.
How You Can Use Policy Routing
• Source-Based Routing – Network administrators can use policy-based routing to
direct traffic from different users through different connections.
• Bandwidth Shaping – You can allocate bandwidth to traffic that matches routing
policies and prioritize traffic. You can also use policy routes to manage other
types of traffic (like ICMP traffic) and send traffic through VPN tunnels.
• Cost Savings – IPPR allows organizations to distribute interactive traffic on high-
bandwidth, high-cost paths while using low-cost paths for batch traffic.
• Load Sharing – Network administrators can use IPPR to distribute traffic among
multiple paths.
• NAT - The ZyWALL performs NAT by default for traffic going to or from the WAN
interfaces. A routing policy’s SNAT allows network administrators to have traffic
received on a specified interface use a specified IP address as the source IP
address.
Note: The ZyWALL automatically uses SNAT for traffic it routes from internal
interfaces to external interfaces. For example LAN to WAN traffic.
Static Routes
The ZyWALL usually uses the default gateway to route outbound traffic from
computers on the LAN to the Internet. To have the ZyWALL send data to devices
not reachable through the default gateway, use static routes. Configure static
routes if you need to use RIP or OSPF to propagate the routing information to
other routers. See
computers on the LAN to the Internet. To have the ZyWALL send data to devices
not reachable through the default gateway, use static routes. Configure static
routes if you need to use RIP or OSPF to propagate the routing information to
other routers. See
Policy Routes Versus Static Routes
• Policy routes are more flexible than static routes. You can select more criteria
for the traffic to match and can also use schedules, NAT, and bandwidth
management.