Chapter 6 Configuration Basics

You do not need to set up policy routes for 1:1 NAT entries.

You can create Many 1:1 NAT entries to translate a range of private network addresses to a range of public IP addresses

Static and dynamic routes have their own category.

Even with these changes, you can still use an existing configuration file from the previous version.

6.4.2 Routing Table Checking Flow Enhancements

When the ZyWALL receives packets it defragments them and applies destination NAT. Then it examines the packets and determines how to route them. The following figure shows how the ZLD 2.20 firmware’s routing table compares with the earlier 2.1x firmware’s routing table.The checking flow is from top to bottom. As soon as the packets match an entry in one of the sections, the ZyWALL stops checking the packets against the routing table and moves on to the other checks, for example the firewall check.

Figure 65 Routing Table Checking Flow Enhancements

1Direct-connected Subnets: The ZyWALL first checks to see if the packets are destined for an address in the same subnet as one of the ZyWALL’s interfaces. You can override this and have the ZyWALL check the policy routes first by enabling the policy route feature’s Use Policy Route to Override Direct Route option (see Section 15.1 on page 347).

 

101

ZyWALL USG 2000 User’s Guide