ZyXEL Communications P-334WT Support Notes page 30

on P-334WT box. By default, your connection will be blocked by firewall because of the following
reason.
Step 1. Being the default gateway of PC, P-334WT will receive all "outgoing" traffic from PC.
Step 2. And because of Static route/Traffic Redirect/Policy Routing, P-334WT forwards
the traffic to another gateway (ISDN/Router) which is in the same segment as P-334WT's
LAN.
Step 3. However the return traffic won't go back to P-334WT, in stead, the "another gateway
(ISDN/Router)" will send back the traffic to PC directly. Because the gateway (say, P201) and
the PC are in the same segment.
By default, P-334WT will check the outgoing traffic by ACL and create dynamic sessions to
allow return traffic to go back. To achieve Anti-DoS, P-334WT will send RST packets to the PC
and the peer since it never receives the TCP SYN/ACK packet. Thus the connection will always
be reset by P-334WT.
Solutions.
(A) Deploying your second gateway in IP alias segment is a better solution. In this way, your connection
can be always under control of firewall. And thus there won't be Triangle Route problem.
(B) Deploying your second gateway on WAN side.