ZyXEL Communications ZyWALL 1000 Network Router User Manual


 
ZyWALL USG 1000 User’s Guide
CHAPTER 12
Policy and Static Routes
This chapter shows you how to configure policies for IP routing and static routes on your
ZyWALL. See Section 5.4.10 on page 117 for related information on the policy route screens.
12.1 Policy Route
Traditionally, routing is based on the destination address only and the ZyWALL takes the
shortest path to forward a packet. IP Policy Routing (IPPR) provides a mechanism to override
the default routing behavior and alter the packet forwarding based on the policy defined by the
network administrator. Policy-based routing is applied to incoming packets on a per interface
basis, prior to the normal routing.
12.1.1 Benefits
• Source-Based Routing – Network administrators can use policy-based routing to direct
  traffic from different users through different connections.
• Bandwidth Shaping – Organizations can allocate bandwidth to traffic that matches the
  routing policy and prioritize traffic.
• Cost Savings – IPPR allows organizations to distribute interactive traffic on
  high-bandwidth, high-cost paths while using low-cost paths for batch traffic.
• Load Sharing – Network administrators can use IPPR to distribute traffic among multiple
  paths.
• NAT – The ZyWALL performs NAT by default for traffic going to or from the ge1
  interface. Routing policy’s SNAT allows network administrators to have traffic received
  on a specified interface use a specified IP address as the source IP address.
12.2 Routing Policy
Individual routing policies are used as part of the overall IPPR process. A policy defines the
matching criteria and the action to take when a packet meets the criteria. The action is taken
only when all the criteria are met. The criteria can include the user name, source address and
incoming interface, destination address, schedule, IP protocol (ICMP, UDP, TCP, etc.) and
port.
The actions that can be taken include:
• Routing the packet to a different gateway, outgoing interface, VPN tunnel, or trunk.
• Limiting the amount of bandwidth available and setting a priority for traffic.
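The following Python model is an added example, not ZyWALL code or configuration syntax. It shows the rule from section 12.2 that a policy's action applies only when every configured criterion matches, and that a packet missing any one criterion falls through to normal routing. Assumptions: policies are checked in list order with the first match winning, the schedule criterion and the bandwidth action are left out, normal routing is reduced to a single default next hop, and all policy names, users and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Packet:
    in_iface: str
    src: str
    dst: str
    proto: str                    # "tcp", "udp", "icmp", ...
    dport: Optional[int] = None
    user: Optional[str] = None    # authenticated user, if any


@dataclass
class Policy:
    name: str
    next_hop: str                    # gateway, interface, VPN tunnel or trunk
    in_iface: Optional[str] = None   # None means "any" for every criterion
    src: Optional[str] = None        # CIDR
    dst: Optional[str] = None        # CIDR
    proto: Optional[str] = None
    dport: Optional[int] = None
    user: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        def in_net(addr, net):
            return net is None or ipaddress.ip_address(addr) in ipaddress.ip_network(net)
        # The action applies only when ALL configured criteria are met.
        return all([
            self.in_iface in (None, p.in_iface),
            in_net(p.src, self.src),
            in_net(p.dst, self.dst),
            self.proto in (None, p.proto),
            self.dport in (None, p.dport),
            self.user in (None, p.user),
        ])


def route(p: Packet, policies: List[Policy], normal_next_hop: str) -> Tuple[str, Optional[str]]:
    """Return (next hop, matching policy name); policies run before normal routing."""
    for pol in policies:          # assumption: list order, first match wins
        if pol.matches(p):
            return pol.next_hop, pol.name
    return normal_next_hop, None  # no policy matched: destination-based routing


# Constructed sample policies (names, users and addresses are illustrative only).
POLICIES = [
    Policy("alice-web", "198.51.100.1", in_iface="ge1", src="192.168.1.0/24",
           proto="tcp", dport=443, user="alice"),
    Policy("lan-dns", "203.0.113.1", in_iface="ge1", proto="udp", dport=53),
]
```

When reviewing a rule set this way, check which traffic a broad policy (few criteria set) captures before a narrower one below it is ever reached.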