Routing is one of most important features of the security gateway. Configuration options covered in this article will allow you to set the behavior of traffic passing through your gateway to your requirements.
This article covers all routing related configuration options within Nebula Control Center, which includes Policy Route, Static Route, Traffic Shaping and WAN Load Balancing features. To access these options, please, log into Nebula Control Center using your credentials at and navigate to following menu:
USG FLEX > Configure > Routing
Table of Contents
Policy Route
To create a policy route on your USG FLEX, simply click the Add button in Policy Route/Traffic Shaping list and fill in the Matching Criteria to identify which traffic should be affected by this rule.
For Source and Destination addresses, you may use keyword Any to match all traffic, single host IP address, CIDR formatted subnet, IP Range defined by address interval, FQDN or country name for GeoIP.
Service can be Either TCP, UDP, ICMP or any protocol not listed if needed. The port field for TCP/UDP traffic accepts comma separated values, interval of ports or combination of both.
When we are done configuring the matching criteria for our traffic, we need to set where the traffic is supposed to be routed. Make sure that the Policy Route field is checked and select Type of the traffic - whether it is designated to be routed on WAN interface (Internet Traffic) or to another gateway within local network (Intranet Traffic). In the Next-Hop field, select desired gateway for the traffic.
Static Route
To create a static routing record on your USG FLEX, simply click the Add button in Static Route list and fill in source subnet. Next Hop Type allows you to select whether static IP address will be used, or Interface gateway's IP that can is updated automatically whenever it changes by USG FLEX. The metric field sets the priority of the rule, lower metric means the route is more likely to be used.
Traffic Shaping
Similar to policy routing, to create a traffic shaping rule on your USG FLEX, simply click the Add button in Policy Route/Traffic Shaping list and fill in the Matching Criteria to identify which traffic should be affected by this rule.
For Source and Destination addresses, you may use keyword Any to match all traffic, single host IP address, CIDR formatted subnet, IP Range defined by address interval, FQDN or country name for GeoIP.
Service can be Either TCP, UDP, ICMP or any protocol not listed if needed. The port field for TCP/UDP traffic accepts comma separated values, interval of ports or combination of both.
When we are done configuring the matching criteria for our traffic, we may enable the Traffic Shaping option in the form and new options will appear. Set the rate limits and priority to your liking and click Create to save the rule.
WAN Load Balancing
In current implementation, WAN Load Balancing uses Weighted Round Robin algorithm and the respective values are calculated automatically based on Downstream bandwidth and Upstream bandwidth values of respective interface. To configure this value, please edit respective WAN interface in following menu:
USG FLEX > Configure > Interface
In case you have one of WAN interfaces which you want to use only as a last resort backup due to data plan limitations for example, you may designate such interface as a backup interface. With this setting, the interface will not be used, unless all other WAN interfaces are unavailable.
Please sign in to leave a comment.