Figure 530 Backup Gateway - ZyXEL Communications ZyWall 5 Series User Manual

A backup gateway (as in the following graphic) is an example of when you might want to turn
on the forced update for gratuitous ARP requests. One day gateway A shuts down and the
backup gateway (B) comes online using the same static IP address as gateway A. Gateway B
broadcasts a gratuitous ARP request to ask which host is using its IP address. If ackGratuitous
is on and set to force updates, the ZyWALL receives the gratuitous ARP request and updates
its ARP table. This way the ZyWALL has a correct gateway ARP entry to forward packets
through the backup gateway. If ackGratuitous is off or not set to force updates, the ZyWALL
will not update the gateway ARP entry and cannot forward packets through gateway B.

Figure 530 Backup Gateway

Updating the ARP entries could increase the danger of spoofing attacks. It is only
recommended that you turn on ackGratuitous and force update if you need it like in the
previous backup gateway example. Turning on the force updates option is more dangerous
than leaving it off because the ZyWALL updates the ARP table even when there is an existing
entry.
Managing the Bandwidth of VPN Traffic
Syntax:
bm vpnTraffic [on|off]
By default the ZyWALL uses the inner source and destination IP addresses of VPN packets in
managing the bandwidth of the VPN traffic. This means that it looks at the IP address of the
computer that sent the packets and the IP address of the computer to which it is sending the
packets. The following figure shows an example of this. The ZyWALL uses the IP addresses
of computers A and B to manage the bandwidth of the VPN traffic for their respective IPSec
SA.
Appendix K Command Interpreter
ZyWALL 5/35/70 Series User's Guide
803