Chapter 13 Policy and Static Routes

Table 77 Configuration > Network > Routing > Policy Route > Edit (continued)

LABEL

DESCRIPTION

Incoming

Select where the packets are coming from; any, an interface, a tunnel,

 

an SSL VPN, or the ZyWALL itself. For an interface, a tunnel, or an SSL

 

VPN, you also need to select the individual interface, VPN tunnel, or SSL

 

VPN connection.

 

 

Source Address

Select a source IP address object from which the packets are sent.

 

 

Destination

Select a destination IP address object to which the traffic is being sent.

Address

If the next hop is a dynamic VPN tunnel and you enable Auto

 

Destination Address, the ZyWALL uses the local network of the peer

 

router that initiated an incoming dynamic IPSec tunnel as the

 

destination address of the policy instead of your configuration here.

 

 

DSCP Code

Select a DSCP code point value of incoming packets to which this policy

 

route applies or select User Defined to specify another DSCP code

 

point. The lower the number the higher the priority with the exception of

 

0 which is usually given only best-effort treatment.

 

any means all DSCP value or no DSCP marker.

 

default means traffic with a DSCP value of 0. This is usually best effort

 

traffic

 

The “af” choices stand for Assured Forwarding. The number following

 

the “af” identifies one of four classes and one of three drop preferences.

 

See Assured Forwarding (AF) PHB for DiffServ on page 293 for more

 

details.

 

 

User-

Use this field to specify a custom DSCP code point.

Defined

 

DSCP Code

 

 

 

Schedule

Select a schedule to control when the policy route is active. none

 

means the route is active at all times if enabled.

 

 

Service

Select a service or service group to identify the type of traffic to which

 

this policy route applies.

 

 

Next-Hop

 

 

 

Type

Select Auto to have the ZyWALL use the routing table to find a next-hop

 

and forward the matched packets automatically.

 

Select Gateway to route the matched packets to the next-hop router or

 

switch you specified in the Gateway field. You have to set up the next-

 

hop router or switch as a HOST address object first.

 

Select VPN Tunnel to route the matched packets via the specified VPN

 

tunnel.

 

Select Trunk to route the matched packets through the interfaces in the

 

trunk group based on the load balancing algorithm.

 

Select Interface to route the matched packets through the specified

 

outgoing interface to a gateway (which is connected to the interface).

 

 

Gateway

This field displays when you select Gateway in the Type field. Select a

 

HOST address object. The gateway is an immediate neighbor of your

 

ZyWALL that will forward the packet to the destination. The gateway

 

must be a router or switch on the same segment as your ZyWALL's

 

interface(s).

 

 

288

 

ZyWALL USG 50 User’s Guide