Chapter 10 Routing
USG20(W)-VPN Series User’s Guide
235
DSCP Marking
Set how the USG handles the DSCP value of the outgoing packets that match this
route.
Select one of the pre-defined DSCP values to apply or select
User Define
to specify
another DSCP value. The “
af
” choices stand for Assured Forwarding. The number
following the “
af
” identifies one of four classes and one of three drop preferences. See
Assured Forwarding (AF) PHB for DiffServ on page 238
for more details.
Select
preserve
to have the USG keep the packets’ original DSCP value.
Select
default
to have the USG set the DSCP value of the packets to 0.
User-Defined
DSCP Code
Use this field to specify a custom DSCP value.
Address Translation
Use this section to configure NAT for the policy route. This section does not apply to
policy routes that use a VPN tunnel as the next hop.
Source Network
Address Translation
Select
none
to not use NAT for the route.
Select
outgoing-interface
to use the IP address of the outgoing interface as the
source IP address of the packets that matches this route.
To use SNAT for a virtual interface that is in the same WAN trunk as the physical
interface to which the virtual interface is bound, the virtual interface and physical
interface must be in different subnets.
Otherwise, select a pre-defined address (group) to use as the source IP address(es) of
the packets that match this route.
Use
Create new Object
if you need to configure a new address (group) to use as the
source IP address(es) of the packets that match this route.
Healthy Check
Use this part of the screen to configure a route connectivity check and disable the
policy if the interface is down.
Disable policy route
automatically while
Interface link down
Select this to disable the policy if the interface is down or disabled. This is available for
Interface
and
Trunk
in the
Type
field above.
Enable Connectivity
Check
Select this to turn on the connection check. This is available for
Interface
and
Gateway
in the
Type
field above.
Check Method:
Select the method that the gateway allows.
Select icmp to have the USG regularly ping the gateway you specify to make sure it is
still available.
Select tcp to have the USG regularly perform a TCP handshake with the gateway you
specify to make sure it is still available.
Check Period:
Enter the number of seconds between connection check attempts (5-600 seconds).
Check Timeout:
Enter the number of seconds to wait for a response before the attempt is a failure (1-
10 seconds).
Check Fail
Tolerance:
Enter the number of consecutive failures before the USG stops routing using this policy
(1-10).
Check Port:
This field only displays when you set the Check Method to tcp. Specify the port number
to use for a TCP connectivity check (1-65535).
Check this address:
Select this to specify a domain name or IP address for the connectivity check. Enter
that domain name or IP address in the field next to it.
OK
Click
OK
to save your changes back to the USG.
Cancel
Click
Cancel
to exit this screen without saving.
Table 91
Configuration > Network > Routing > Policy Route > Add/Edit (continued)
LABEL
DESCRIPTION
Summary of Contents for ZyWall USG20-VPN
Page 17: ...17 PART I User s Guide ...
Page 18: ...18 ...
Page 99: ...99 PART II Technical Reference ...
Page 100: ...100 ...