Chapter 10 Routing
USG20(W)-VPN Series User’s Guide
10.1.2 What You Need to Know
Policy Routing
Traditionally, routing is based on the destination address only and the USG takes the shortest path
to forward a packet. IP Policy Routing (IPPR) provides a mechanism to override the default routing
behavior and alter the packet forwarding based on the policy defined by the network administrator.
Policy-based routing is applied to incoming packets on a per interface basis, prior to the normal
routing.
How You Can Use Policy Routing
• Source-Based Routing – Network administrators can use policy-based routing to direct traffic
from different users through different connections.
• Bandwidth Shaping – You can allocate bandwidth to traffic that matches routing policies and
prioritize traffic. You can also use policy routes to manage other types of traffic (like ICMP traffic)
and send traffic through VPN tunnels.
• Cost Savings – IPPR allows organizations to distribute interactive traffic on high-bandwidth, high-
cost paths while using low-cost paths for batch traffic.
• Load Sharing – Network administrators can use IPPR to distribute traffic among multiple paths.
• NAT – The USG performs NAT by default for traffic going to or from the WAN interfaces. A routing
policy’s SNAT allows network administrators to have traffic received on a specified interface use a
specified IP address as the source IP address.
Note: The USG automatically uses SNAT for traffic it routes from internal interfaces to
external interfaces. For example, LAN to WAN traffic.
Static Routes
The USG usually uses the default gateway to route outbound traffic from computers on the LAN to
the Internet. To have the USG send data to devices not reachable through the default gateway, use
static routes. Configure static routes if you need to use RIP or OSPF to propagate the routing
information to other routers. See
for more on RIP and OSPF.
Policy Routes Versus Static Routes
• Policy routes are more flexible than static routes. You can select more criteria for the traffic to
match and can also use schedules, NAT, and bandwidth management.
• Policy routes are only used within the USG itself. Static routes can be propagated to other routers
using RIP or OSPF.
• Policy routes take priority over static routes. If you need to use a routing policy on the USG and
propagate it to other routers, you could configure a policy route and an equivalent static route.
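The precedence described above, modeled as an added example (this is not Zyxel code or USG CLI syntax): policy routes are checked on the incoming interface before normal routing, so a policy route can override a static route for the same destination. Assumptions: policy routes are an ordered list where the first match wins, static routes use the most specific prefix, and all class names, interface names, and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class PolicyRoute:              # hypothetical model, not a USG object
    in_iface: str               # incoming interface the policy is applied on
    src: str                    # source network (CIDR)
    dst: str                    # destination network (CIDR)
    next_hop: str               # gateway, interface or VPN tunnel
    snat: Optional[str] = None  # source address to use, if the policy sets SNAT

@dataclass
class StaticRoute:
    dst: str
    next_hop: str

def _within(addr, cidr):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)

def lookup(in_iface, src, dst, policies, statics, default_gw):
    """Return (route type, next hop, SNAT address) for one packet."""
    # 1. Policy routes are checked first, per incoming interface (assumed first match wins).
    for p in policies:
        if p.in_iface == in_iface and _within(src, p.src) and _within(dst, p.dst):
            return ("policy", p.next_hop, p.snat)
    # 2. Normal routing: static routes, most specific prefix (assumption).
    hits = [s for s in statics if _within(dst, s.dst)]
    if hits:
        best = max(hits, key=lambda s: ipaddress.ip_network(s.dst).prefixlen)
        return ("static", best.next_hop, None)
    # 3. Nothing matched: default gateway.
    return ("default", default_gw, None)

def shadowed(policies, statics):
    """Static routes whose destination overlaps a policy route's destination."""
    return [(s.dst, p.in_iface) for s in statics for p in policies
            if ipaddress.ip_network(s.dst).overlaps(ipaddress.ip_network(p.dst))]

# Constructed sample configuration (documentation address ranges, made-up names).
POLICIES = [PolicyRoute("lan1", "192.168.1.0/24", "10.20.0.0/16", "vpn_tunnel_1"),
            PolicyRoute("lan2", "192.168.2.0/24", "0.0.0.0/0", "wan2", snat="203.0.113.10")]
STATICS = [StaticRoute("10.20.0.0/16", "192.168.1.254"),
           StaticRoute("10.20.30.0/24", "192.168.1.253")]

if __name__ == "__main__":
    for pkt in [("lan1", "192.168.1.5", "10.20.30.7"), ("dmz", "172.16.0.5", "10.20.30.7"),
                ("lan2", "192.168.2.9", "198.51.100.8"), ("dmz", "172.16.0.5", "198.51.100.8")]:
        print(pkt, "->", lookup(*pkt, POLICIES, STATICS, "wan1"))
    print("static routes overlapped by policy routes:", shadowed(POLICIES, STATICS))
```

Running `shadowed` over an exported configuration is a quick way to spot static routes that a policy route silently overrides for some incoming interfaces.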
DiffServ
QoS is used to prioritize source-to-destination traffic flows. All packets in the same flow are given
the same priority. CoS (class of service) is a way of managing traffic in a network by grouping
similar types of traffic together and treating each type as a class. You can use CoS to give different
priorities to different packet types.