ZyXEL Communications ZyWALL 5 User Manual page 482

ZyWALL 5 Internet Security Appliance
The "Triangle Route" Solutions
This section presents you two solutions to the "triangle route" problem.
IP Aliasing
IP alias allows you to partition your network into logical sections over the same Ethernet interface.
Your ZyWALL supports up to three logical LAN interfaces with the ZyWALL being the gateway for
each logical network. By putting your LAN and Gateway B in different subnets, all returning network
traffic must pass through the ZyWALL to your LAN. The following steps describe such a scenario.
A computer on the LAN initiates a connection by sending a SYN packet to a receiving server on
1.
the WAN.
The ZyWALL reroutes the packet to Gateway B in Subnet 2.
2.
The reply from WAN goes through the ZyWALL to the computer on the LAN in Subnet 1.
3.
Gateways on the WAN Side
A second solution to the "triangle route" problem is to put all of your network gateways on the WAN
side as the following figure shows. This ensures that all incoming network traffic passes through your
ZyWALL to your LAN. Therefore your LAN is protected.
D-2
Diagram D-3 IP Alias
Diagram D-4 Gateways on the WAN Side
Triangle Route