ZyXEL Communications ZyWALL 300 Network Router User Manual


 
Chapter 5 Configuration Basics
ZyWALL USG 300 User’s Guide
117
Zones cannot overlap. Each interface and VPN tunnel can be assigned to at most one zone.
Virtual interfaces are automatically assigned to the same zone as the interface on which they
run.
When you create a zone, the ZyWALL does not create any firewall rules, assign an IDP
profile, or configure service control for the new zone.
Example: To create the DMZ-2 zone and add ge5 as in the network topology example, click
Network > Zone and then the Add icon.
5.4.8 Device HA
Use device HA to create redundant backup gateways. The ZyWALL runs VRRP v2. You can
only set up device HA with other ZyWALLs of the same model running the same firmware
version.
Example: See Chapter 6 on page 125.
5.4.9 DDNS
Dynamic DNS maps a domain name to a dynamic IP address. The ZyWALL helps maintain
this mapping.
5.4.10 Policy Routes
Use policy routes to control the routing of packets through the ZyWALL’s interfaces, trunks,
and VPN connections. You also use policy routes for bandwidth management (out of the
ZyWALL), port triggering, and general NAT on the source address. You have to set up the
criteria, next-hops, and NAT settings in other screens first.
Example: You have an FTP server connected to ge4 (in the DMZ zone). You want to limit
the amount of FTP traffic that goes out from the FTP server through your WAN connection.
1 Create an address object for the FTP server (Object > Address).
Zones
MENU ITEM(S): Network > Zone
PREREQUISITES: Interfaces, IPSec VPN, SSL VPN
WHERE USED: Firewall, IDP, service control, anti-virus, ADP, application patrol

Device HA
MENU ITEM(S): Device HA
PREREQUISITES: Interfaces (with a static IP address), to-ZyWALL firewall

DDNS
MENU ITEM(S): Network > DDNS
PREREQUISITES: Interfaces

Policy Routes
MENU ITEM(S): Network > Routing > Policy Route
PREREQUISITES:
Criteria: users, user groups, interfaces (incoming), IPSec VPN (incoming), addresses (source, destination), address groups (source, destination), schedules, services, service groups
Next-hop: addresses (HOST gateway), IPSec VPN, SSL VPN, trunks, interfaces
NAT: addresses (translated address), services and service groups (port triggering)