Why is traffic redirect/static/policy route blocked by ZyWALL?
ZyWALL is an ideal secure gateway for all data passing between the Internet and the LAN/DMZ. For some reasons (load balancing or a backup line), users may want traffic to be re-routed to another Internet access device while still being protected by ZyWALL. In such a case, the network topology is the most important issue. Here is a common example in which people mis-deploy LAN traffic redirect and static routes.

The above figure indicates the “triangle route” topology. It works fine if you turn off the firewall function on the ZyWALL box. However, if you turn on the firewall, your connection will be blocked by the firewall for the following reason.

Step 1. Being the default gateway of the PC, ZyWALL will receive all “outgoing” traffic from the PC.
Step 2. Because of Static Route/Traffic Redirect/Policy Routing, ZyWALL forwards the traffic to another gateway (ISDN/Router) which is in the same segment as ZyWALL’s LAN.
Step 3. However, the return traffic won’t go back to ZyWALL; instead, the “another gateway (I
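
The same-segment condition in Steps 1 to 3 can be checked against a route table before the firewall is enabled. The following is an added example, not ZyXEL code: the addresses, route entries and function names are constructed for illustration, and the return-path model assumes the second gateway delivers replies on-link to the PC.

```python
import ipaddress

# Constructed sample topology (illustrative addresses, not from the page).
LAN = "192.168.1.0/24"
FIREWALL_LAN_IP = "192.168.1.1"       # the PC's default gateway
PC_IP = "192.168.1.33"
ROUTES = [                             # (destination, next hop) on the firewall
    ("10.0.0.0/8", "192.168.1.254"),   # second gateway on the LAN segment
    ("172.16.0.0/16", "192.168.2.2"),  # gateway on a separate segment
]

def flow_paths(pc_ip, lan_cidr, firewall_ip, next_hop):
    """Return (outbound, inbound) hop lists for one flow from the PC."""
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    outbound = [pc_ip, firewall_ip, next_hop]
    same_segment = (ipaddress.ip_address(next_hop) in lan
                    and ipaddress.ip_address(pc_ip) in lan)
    if same_segment:
        # Assumption: the gateway reaches the PC on-link, so replies skip the firewall.
        inbound = [next_hop, pc_ip]
    else:
        inbound = [next_hop, firewall_ip, pc_ip]
    return outbound, inbound

def triangle_routes(pc_ip, lan_cidr, firewall_ip, routes):
    """List routes where the firewall sees only one direction of the flow."""
    flagged = []
    for dest, next_hop in routes:
        outbound, inbound = flow_paths(pc_ip, lan_cidr, firewall_ip, next_hop)
        if firewall_ip in outbound and firewall_ip not in inbound:
            flagged.append((dest, next_hop))
    return flagged

if __name__ == "__main__":
    for dest, hop in triangle_routes(PC_IP, LAN, FIREWALL_LAN_IP, ROUTES):
        print(f"triangle route: {dest} via {hop} (replies bypass {FIREWALL_LAN_IP})")
```

Any route it flags sends outbound packets through the firewall while the replies return around it, which is the topology the steps above describe.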