ZyXEL Communications ZYWALL USG 2000 Support Notes page 205

ZyWALL USG 2000 Support Notes
F07. Why ZyWALL USG 2000 cannot ping the Internet host, but PC from LAN
side can browse internet WWW?
This is mainly caused by your interface configuration. If you setup two WAN interfaces,
which have gateway IP address configured, the default route will have two entries added in
ZyWALL USG 2000. If one of the WAN interfaces can't connect to the internet (for example,
ppp interface don't dialup successfully), and this interface has smaller metric than the other
WAN interface, ZyWALL USG 2000 will select this as default route and traffic can't go out
from the ZyWALL USG 2000.
F08. Why can't I ping to the, Internet, after I shutdown the primary WAN
interface?
ZyWALL USG 2000 routes packets by checking session information first. Once packet
matched a session that is already created, it would not lookup the routing table. So the
interface status change doesn't affect the routing result until a new session is created. If you
continually ping internet host and shutdown the ZyWALL USG 2000 primary WAN interface,
the ping packet still matches the original session, which is bound to primary WAN interface
already. The session timeout for ICMP is 15 second.
F09. Why the virtual server or port trigger does not work?
If virtual server or port trigger (or any traffic from WAN zone to LAN zone) doesn't work,
check whether the firewall rule from WAN to LAN is disabled.
F10. Why port trigger does not work?
The port trigger will work only when there is a connection matching that policy route rule.
Please note that firewall may block those triggered services. So, if you have problems with
triggering the service, check firewall settings and its logs too.
205
All contents copyright (c) 2008 ZyXEL Communications Corporation.