Chapter 6 Configuration Basics

and general NAT on the source address. You have to set up the criteria, next-hops, and NAT settings first.

MENU ITEM(S): Configuration > Network > Routing > Policy Route

PREREQUISITES:

Criteria: users, user groups, interfaces (incoming), IPSec VPN (incoming), addresses (source, destination), address groups (source, destination), schedules, services, service groups

Next-hop: addresses (HOST gateway), IPSec VPN, SSL VPN, trunks, interfaces

NAT: addresses (translated address), services and service groups (port triggering)

Example: You have an FTP server connected to ge4 (in the DMZ zone). You want to limit the amount of FTP traffic that goes out from the FTP server through your WAN connection.

1. Create an address object for the FTP server (Object > Address).

2. Click Configuration > Network > Routing > Policy Route to go to the policy route configuration screen. Add a policy route.

3. Name the policy route.

4. Select the interface that the traffic comes in through (ge4 in this example).

5. Select the FTP server’s address as the source address.

6. You don’t need to specify the destination address or the schedule.

7. For the service, select FTP.

8. For the Next Hop fields, select Interface as the Type if you have a single WAN connection or Trunk if you have multiple WAN connections.

9. Select the interface that you are using for your WAN connection (ge2 and ge3 are the default WAN interfaces). If you have multiple WAN connections, select the trunk.

10. Specify the amount of bandwidth FTP traffic can use. You may also want to set a low priority for FTP traffic.

Note: The ZyWALL checks the policy routes in the order that they are listed. So make sure that your custom policy route comes before any other routes that would also match the FTP traffic.
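The ordering rule in the Note can be checked before a change is applied. The following is an added example, not taken from the User's Guide or from ZyWALL firmware: a simplified first-match model of an ordered policy route list that reports which earlier routes would capture the FTP server's traffic before the bandwidth-limiting route is reached. The field names, the 192.0.2.x addresses, the route names and the 512 kbps limit are assumptions made for the illustration.

```python
# Added illustration: a simplified first-match model of an ordered policy route
# list. Field names and sample values are assumptions, not ZyWALL configuration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = None  # a criterion left unset matches everything

@dataclass
class PolicyRoute:
    name: str
    incoming: Optional[str] = ANY      # incoming interface, e.g. "ge4"
    source: Optional[str] = ANY        # source address or subnet (CIDR)
    service: Optional[str] = ANY       # service object name, e.g. "FTP"
    next_hop: str = "ge2"
    max_kbps: Optional[int] = None     # None = no bandwidth limit

    def matches(self, iface: str, src: str, service: str) -> bool:
        return ((self.incoming is ANY or self.incoming == iface)
                and (self.source is ANY
                     or ip_address(src) in ip_network(self.source))
                and (self.service is ANY or self.service == service))


def first_match(routes, iface, src, service):
    """Return the first route in list order that matches, as the Note describes."""
    return next((r for r in routes if r.matches(iface, src, service)), None)


def shadowed_by(routes, name, iface, src, service):
    """Names of routes listed before `name` that also match the same traffic."""
    earlier = []
    for r in routes:
        if r.name == name:
            return earlier
        if r.matches(iface, src, service):
            earlier.append(r.name)
    raise KeyError(name)

# Constructed sample: 192.0.2.10 stands in for the FTP server on ge4.
FTP_LIMIT = PolicyRoute("ftp-limit", "ge4", "192.0.2.10/32", "FTP", "ge2", 512)
DMZ_OUT = PolicyRoute("dmz-out", "ge4", "192.0.2.0/24")  # broader, no limit
FTP_FLOW = ("ge4", "192.0.2.10", "FTP")

if __name__ == "__main__":
    for order in ([DMZ_OUT, FTP_LIMIT], [FTP_LIMIT, DMZ_OUT]):
        hit = first_match(order, *FTP_FLOW)
        print([r.name for r in order], "->", hit.name, hit.max_kbps,
              "shadowed by", shadowed_by(order, "ftp-limit", *FTP_FLOW))
```

With the broader route listed first, the FTP traffic leaves without any limit; with the custom route listed first, the limit applies and nothing shadows it.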


ZyWALL USG 2000 User’s Guide