ZyXEL Communications P-334WT Información técnica descargar pdf (Pagina 24)

The above figure indicates the "triangle route" topology. It works fine if you turn off firewall

function on P-334WT box. By default, your connection will be blocked by firewall because of the

following reason.

Step 1.

Being the default gateway of PC, P-334WT will receive all "outgoing" traffic from

PC.

Step 2.

And because of Static route/Traffic Redirect/Policy Routing, P-334WT

forwards the traffic to another gateway (ISDN/Router) which is in the same segment as P-

334WT's LAN.

Step 3.

However the return traffic won't go back to P-334WT, in stead, the "another

gateway (ISDN/Router)" will send back the traffic to PC directly. Because the gateway

(say, P201) and the PC are in the same segment.

By default, P-334WT will check the outgoing traffic by ACL and create dynamic sessions to

allow return traffic to go back. To achieve Anti-DoS, P-334WT will send RST packets to the

PC and the peer since it never receives the TCP SYN/ACK packet. Thus the connection will

always be reset by P-334WT.

Solutions.

(A) Deploying your second gateway in IP alias segment is a better solution. In this way, your

connection can be always under control of firewall. And thus there won't be Triangle Route problem.

1 2 ... 19 20 21 22 23 24 25 26 27 28 29 ... 294 295

Sin comentarios

ZyXEL Communications P-334WT Información técnica Pagina 24