ZyWALL Series CLI Reference Guide
169
CHAPTER 18
Route
This chapter shows you how to configure policies for IP routing and static routes on your Zyxel Device.
18.1 Policy Route
Traditionally, routing is based on the destination address only and the Zyxel Device takes the shortest
path to forward a packet. IP Policy Routing (IPPR) provides a mechanism to override the default routing
behavior and alter the packet forwarding based on the policy defined by the network administrator.
Policy-based routing is applied to incoming packets on a per interface basis, prior to the normal routing.
18.1.1 Source Network Address Translation (SNAT)
SNAT allows the Zyxel Device to rewrite the source IP address of packets in a policy route. This means you
can make packets coming from an IP address appear to originate from a different IP address.
18.1.1.1 SNAT with the ZyWALL Interface
In firmware version 5.0 and later, you can apply SNAT to packets sent from the ZyWALL interface. This
can be used to separate internally generated Zyxel Device traffic from other traffic.
For example: The Zyxel Device has two IP addresses, 6.6.6.6 and 6.6.6.7, on a WAN interface. There is a
firewall in front of the Zyxel Device with the following security rules:
• IP address 6.6.6.6 is client traffic. There are no restrictions.
• IP address 6.6.6.7 is Zyxel Device traffic, Packets can only go to *.myzyxel.com and *.cloud.zyxel.com.
If clients are connected to LAN1 on the Zyxel Device, then you need to create two policy routes with
SNAT enabled:
• Client_Route - Incoming interface: LAN1, SNAT: 6.6.6.6.
• Device_Route - Incoming interface: ZyWALL, SNAT: 6.6.6.7.
To Next Page
Loading...
