ZyXEL Communications P-202 Router User Manual


 
P-202H Plus v2 Support Notes
The above figure shows the "triangle route" topology. It works fine if you turn
off the firewall function on the P-202H Plus v2. However, if you turn on the
firewall, your connection will be blocked by the firewall for the following reason.
Step 1. As the default gateway of the PC, the P-202H Plus v2 receives all
"outgoing" traffic from the PC.
Step 2. Because of Static Route/Policy Routing, the P-202H Plus v2
forwards the traffic to another gateway (ISDN/Router) which is in the
same segment as the P-202H Plus v2's LAN.
Step 3. However, the return traffic does not go back through the P-202H Plus v2.
Instead, the other gateway (ISDN/Router) sends the traffic back to the PC
directly, because that gateway (say, P201) and the PC are in the same
segment.
When the firewall is turned on, the P-202H Plus v2 checks the outgoing traffic
against the ACL and creates dynamic sessions to allow return traffic to go back.
To achieve Anti-DoS, the P-202H Plus v2 sends RST packets to the PC and the peer
since it never receives the TCP SYN/ACK packet. Thus the connection will always
be reset by the P-202H Plus v2.
Solutions.
(A) Deploying your second gateway in an IP alias segment is a better solution. In
this way, your connection is always under the control of the firewall, and thus
there won't be a Triangle Route problem.
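The failure in Steps 1-3 and the effect of solution (A), as a toy model added here for illustration; it is not ZyXEL firmware logic or code from this manual. The addresses, the `Firewall` class and the 30-second half-open timeout are assumptions.

```python
# Added illustration: a toy model, not ZyXEL firmware behaviour.
from ipaddress import ip_address, ip_network

HALF_OPEN_TIMEOUT = 30  # seconds; assumed, the manual gives no value


class Firewall:
    """Stateful inspection on the PC's default gateway (the P-202H Plus v2 role)."""

    def __init__(self):
        self.sessions = {}  # (client, server) -> [state, time the SYN was seen]
        self.rst_sent = []  # connections the firewall reset

    def see(self, now, src, dst, flags):
        if flags == "SYN":
            self.sessions[(src, dst)] = ["half-open", now]
        elif flags == "SYN/ACK" and (dst, src) in self.sessions:
            self.sessions[(dst, src)][0] = "established"

    def expire(self, now):
        """Reset every handshake whose SYN/ACK never crossed the firewall."""
        for key, (state, since) in list(self.sessions.items()):
            if state == "half-open" and now - since >= HALF_OPEN_TIMEOUT:
                self.rst_sent.append(key)  # RST goes to the PC and the peer
                del self.sessions[key]


def handshake(pc, gw2_subnet, server="203.0.113.10"):
    """Open one TCP connection from `pc` via the second gateway; return the outcome."""
    fw = Firewall()
    # Steps 1-2: the default gateway sees the SYN and forwards it to gateway 2.
    fw.see(0, pc, server, "SYN")
    # Step 3: gateway 2 delivers the reply directly if the PC is on its own segment.
    direct = ip_address(pc) in ip_network(gw2_subnet)
    if not direct:
        fw.see(1, server, pc, "SYN/ACK")  # reply is routed back through the firewall
    fw.expire(HALF_OPEN_TIMEOUT)
    return "reset" if (pc, server) in fw.rst_sent else "established"


# Constructed addresses: PC on 192.168.1.0/24, firewall LAN IP 192.168.1.1.
TRIANGLE = handshake("192.168.1.33", "192.168.1.0/24")  # gateway 2 on the PC's segment
ALIASED = handshake("192.168.1.33", "192.168.2.0/24")   # gateway 2 on an IP alias segment

if __name__ == "__main__":
    print("triangle route:", TRIANGLE)
    print("IP alias segment:", ALIASED)
```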
All contents copyright © 2006 ZyXEL Communications Corporation.