Packet Flow Explore
 
Packet Flow Explore
Use this to get a clear picture on how the Zyxel Device determines where to forward a packet and how to change the source IP address of the packet according to your current settings. This function provides you a summary of all your routing and SNAT settings and helps troubleshoot any related problems.
Routing Status
The Routing Status screen allows you to view the current routing flow and quickly link to specific routing settings. Click a function box in the Routing Flow section, the related routes (activated) will display in the Routing Table section.
The order of the routing flow may vary depending on whether you:
Select use policy route to override direct route in the CONFIGURATION > Network > Routing > Policy Route screen.
Use policy routes to control 1-1 NAT by using the policy control-virtual-server-rules activate command.
Select use policy routes to control dynamic IPSec rules in the CONFIGURATION > VPN > IPSec VPN > VPN Connection screen.
Note: Once a packet matches the criteria of a routing rule, the Zyxel Device takes the corresponding action and does not perform any further flow checking.
Maintenance > Packet Flow Explore > Routing Status 
Label
Description
Routing Flow
This section shows you the flow of how the Zyxel Device determines where to route a packet. Click a function box to display the related settings in the Routing Table section.
Routing Table
This section shows the corresponding settings according to the function box you click in the Routing Flow section.
The following fields are available if you click Direct Route, Static-Dynamic Route, or Main Route in the Routing Flow section.
#
This field is a sequential value, and it is not associated with any entry.
Destination
This is the destination IP address of a route.
Gateway
This is the IP address of the next-hop gateway or the interface through which the traffic is routed.
Interface
This is the name of an interface associated with the route.
Metric
This is the route’s priority among the displayed routes.
Flags
This indicates additional information for the route. The possible flags are:
A - this route is currently activated
S - this is a static route
C - this is a direct connected route
O - this is a dynamic route learned through OSPF
R - this is a dynamic route learned through RIP
B - this is a dynamic route learned through BGP
G - the route is to a gateway (router) in the same network.
! - this is a route which forces a route lookup to fail.
B - this is a route which discards packets.
L - this is a recursive route.
Persist
This is the remaining time of a dynamically learned route. The Zyxel Device removes the route after this time period is counted down to zero.
The following fields are available if you click Policy Route in the Routing Flow section.
#
This field is a sequential value, and it is not associated with any entry.
 
 
Incoming
This is the interface on which the packets are received.
Source
This is the source IP address(es) from which the packets are sent.
Destination
This is the destination IP address(es) to which the packets are transmitted.
Service
This is the name of the service object. any means all services.
Source Port
This is the source port(s) from which the packets are sent.
DSCP Code
This is the DSCP value of incoming packets to which this policy route applies.
Next Hop Type
This is the type of the next hop to which packets are directed.
Next Hop Info
This is the main route if the next hop type is Auto.
This is the interface name and gateway IP address if the next hop type is Interface /GW.
This is the tunnel name if the next hop type is VPN Tunnel.
This is the trunk name if the next hop type is Trunk.
The following fields are available if you click 1-1 SNAT in the Routing Flow section.
#
This field is a sequential value, and it is not associated with any entry.
NAT Rule
This is the name of an activated 1:1 or Many 1:1 NAT rule in the NAT table.
Source
This is the external source IP address(es).
Protocol
This is the transport layer protocol.
Source Port
This is the source port number.
Destination
This is the external destination IP address(es).
Outgoing
This is the outgoing interface that the SNAT rule uses to transmit packets.
Gateway
This is the IP address of the gateway in the same network of the outgoing interface.
The following fields are available if you click Dynamic VPN or SiteToSite VPN in the Routing Flow section.
#
This field is a sequential value, and it is not associated with any entry.
Source
This is the IP address(es) of the local VPN network.
Destination
This is the IP address(es) for the remote VPN network.
VPN Tunnel
This is the name of the VPN tunnel.
The following fields are available if you click Default WAN Trunk in the Routing Flow section.
#
This field is a sequential value, and it is not associated with any entry.
Source
This is the source IP address(es) from which the packets are sent. any means any IP address.
Destination
This is the destination IP address(es) to which the packets are transmitted. any means any IP address.
Trunk
This is the name of the WAN trunk through which the matched packets are transmitted.
SNAT Status
The SNAT Status screen allows you to view and quickly link to specific source NAT (SNAT) settings. Click a function box in the SNAT Flow section, the related SNAT rules (activated) will display in the SNAT Table section.
The order of the SNAT flow may vary depending on whether you:
select use default SNAT in the CONFIGURATION > Network > Interface > Trunk screen.
use policy routes to control 1-1 NAT by using the policy control-virtual-server-rules activate command.
Note: Once a packet matches the criteria of an SNAT rule, the Zyxel Device takes the corresponding action and does not perform any further flow checking.
Maintenance > Packet Flow Explore > SNAT Status 
Label
Description
SNAT Flow
This section shows you the flow of how the Zyxel Device changes the source IP address for a packet according to the rules you have configured in the Zyxel Device. Click a function box to display the related settings in the SNAT Table section.
SNAT Table
The table fields in this section vary depending on the function box you select in the SNAT Flow section.
The following fields are available if you click Policy Route SNAT in the SNAT Flow section.
#
This field is a sequential value, and it is not associated with any entry.
PR #
This is the number of an activated policy route which uses SNAT.
Outgoing
This is the outgoing interface that the route uses to transmit packets.
SNAT
This is the source IP address(es) that the SNAT rule uses finally.
The following fields are available if you click 1-1 SNAT in the SNAT Flow section.
#
This field is a sequential value, and it is not associated with any entry.
NAT Rule
This is the name of an activated NAT rule which uses SNAT.
Source
This is the external source IP address(es).
Protocol
This is the transport layer protocol.
Source Port
This is the source port number.
Destination
This is the external destination IP address(es).
Outgoing
This is the outgoing interface that the SNAT rule uses to transmit packets.
SNAT
This is the source IP address(es) that the SNAT rule uses finally.
The following fields are available if you click Loopback SNAT in the SNAT Flow section.
#
This field is a sequential value, and it is not associated with any entry.
NAT Rule
This is the name of an activated NAT rule which uses SNAT and enables NAT loopback.
Source
This is the external source IP address(es). any means any IP address.
Destination
This is the external destination IP address(es). any means any IP address.
SNAT
This indicates which source IP address the SNAT rule uses finally. For example, Outgoing Interface IP means that the Zyxel Device uses the IP address of the outgoing interface as the source IP address for the matched packets it sends out through this rule.
The following fields are available if you click Default SNAT in the SNAT Flow section.
#
This field is a sequential value, and it is not associated with any entry.
Incoming
This indicates internal interface(s) on which the packets are received.
Outgoing
This indicates external interface(s) from which the packets are transmitted.
SNAT
This indicates which source IP address the SNAT rule uses finally. For example, Outgoing Interface IP means that the Zyxel Device uses the IP address of the outgoing interface as the source IP address for the matched packets it sends out through this rule.