ZyWALL Series Internet Security Gateway
1. Jane (A) requests a file from the Real Audio server (port 7070).
2. Port 7070 is a "trigger" port and causes the ZyWALL to record Jane's computer IP address. The ZyWALL
associates Jane's computer IP address with the "incoming" port range of 6970-7170.
3. The Real Audio server responds using a port number ranging between 6970-7170.
4. The ZyWALL forwards the traffic to Jane's computer IP address.
5. Only Jane can connect to the Real Audio server until the connection is closed or times out. The ZyWALL
times out in three minutes with UDP (User Datagram Protocol) or two hours with TCP/IP (Transfer Control
Protocol/Internet Protocol).
9.6.2 Two Points To Remember About Trigger Ports
1. Trigger events only happen on data that is going coming from inside the ZyWALL and going to the
outside.
2. If an application needs a continuous data stream, that port (range) will be tied up so that another
computer on the LAN can't trigger it.
9.7
Configuring Trigger Port Forwarding
To change your ZyWALL's trigger port settings, click SUA/NAT and the Trigger Port tab. The screen
appears as shown.
Only one LAN computer can use a trigger port (range) at a time.
9-14
Figure 9-7 Trigger Port Forwarding Process: Example
NAT Screens