Appendix F Triangle Route - ZyXEL Communications ZyWall 10W User Manual

The Ideal Setup
When the firewall is on, your ZyWALL acts as a secure gateway between your LAN and the Internet. In an
ideal network topology, all incoming and outgoing network traffic passes through the ZyWALL to protect
your LAN against attacks. SYN traffic (1 in the figure) is replied to by SYN/ACK traffic (2 in the figure).
The "Triangle Route" Problem
A traffic route is a path for sending or receiving data packets between two Ethernet devices. Some companies
have more than one alternate route to one or more ISPs. If the LAN and ISP(s) are in the same subnet, the
"triangle route" problem may occur. The steps below describe the "triangle route" problem.
1. A computer on the LAN initiates a connection by sending out a SYN packet (A) to a receiving server on
the WAN.
2. The ZyWALL reroutes the SYN packet through Gateway B on the LAN to the WAN.
3. The reply from the WAN goes directly to the computer on the LAN without going through the
ZyWALL.
As a result, the ZyWALL resets the connection, as the connection has not been acknowledged.
Triangle Route
ZyWALL Series Internet Security Gateway
Diagram F-1 Ideal Setup
Appendix F
Triangle Route
F-1