ZyXEL Communications ISG50 User Manual

 Chapter 6 Configuration Basics

ISG50 User’s Guide

Example: You have an FTP server connected to P6 (in the DMZ zone). You want to limit the 
amount of FTP traffic that goes out from the FTP server through your WAN connection. 

Create an address object for the FTP server (Object > Address). 

Click Configuration > Network > Routing > Policy Route to go to the policy route 
configuration screen. Add a policy route.

Name the policy route.

Select the interface that the traffic comes in through (P3 in this example). 

Select the FTP server’s address as the source address.

You don’t need to specify the destination address or the schedule. 

For the service, select FTP.

For the Next Hop fields, select Interface as the Type if you have a single WAN connection or 
Trunk if you have multiple WAN connections.

Select the interface that you are using for your WAN connection (wan1 and wan2 are the default 
WAN interfaces). If you have multiple WAN connections, select the trunk. 

Specify the amount of bandwidth FTP traffic can use. You may also want to set a low 

priority for FTP traffic.

Note: The ISG50 checks the policy routes in the order that they are listed. So make sure 

that your custom policy route comes before any other routes that would also match 

the FTP traffic.

Use static routes to tell the ISG50 about networks not directly connected to the ISG50. 

See 

 for background information. A zone is a group of interfaces and VPN 

tunnels. The ISG50 uses zones, not interfaces, in many security settings, such as firewall rules and 
remote management.

Criteria: users, user groups, interfaces (incoming), IPSec VPN (incoming), 
addresses (source, destination), address groups (source, destination), 
schedules, services, service groups

Next-hop: addresses (HOST gateway), IPSec VPN, trunks, interfaces

NAT: addresses (translated address), services and service groups (port 
triggering)

Interfaces