ZyXEL Communications 2 Network Router User Manual


 
Chapter 15 Firewall
AMG1312-T Series User’s Guide
1 A computer on the LAN initiates a connection by sending out a SYN packet to a receiving server on the WAN.
2 The AMG1312-T Series reroutes the SYN packet through Gateway A on the LAN to the WAN.
3 The reply from the WAN goes directly to the computer on the LAN without going through the AMG1312-T Series.
As a result, the AMG1312-T Series resets the connection, as the connection has not been acknowledged.
Figure 95 “Triangle Route” Problem
15.6.4.2 Solving the “Triangle Route” Problem
If you have the AMG1312-T Series allow triangle route sessions, traffic from the WAN can go directly to a LAN computer without passing through the AMG1312-T Series and its firewall protection.
Another solution is to use IP alias. IP alias allows you to partition your network into logical sections over the same Ethernet interface. Your AMG1312-T Series supports up to three logical LAN interfaces with the AMG1312-T Series being the gateway for each logical network.
It’s like having multiple LAN networks that actually use the same physical cables and ports. By putting your LAN and Gateway A in different subnets, all returning network traffic must pass through the AMG1312-T Series to your LAN. The following steps describe such a scenario.
1 A computer on the LAN initiates a connection by sending a SYN packet to a receiving server on the WAN.
2 The AMG1312-T Series reroutes the packet to Gateway A, which is in Subnet 2.
3 The reply from the WAN goes to the AMG1312-T Series.
4 The AMG1312-T Series then sends it to the computer on the LAN in Subnet 1.
[Figure labels: steps 1, 2 and 3; WAN; LAN; Gateway A; ISP 1; ISP 2]
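The following Python sketch is an added example, not part of the ZyXEL guide or the device firmware. It is a simplified model that checks whether a LAN host shares a subnet with Gateway A (so replies bypass the firewall) and what the firewall then does. The function names, outcome labels and all IP addresses are constructed for illustration.

```python
import ipaddress

MAX_LOGICAL_LANS = 3  # the guide states up to three logical LAN interfaces

def reply_path(router_ifaces, gateway_a, host):
    """Hops a WAN reply takes from Gateway A to the LAN host."""
    nets = [ipaddress.ip_interface(i).network for i in router_ifaces]
    if len(nets) > MAX_LOGICAL_LANS:
        raise ValueError("more logical LAN interfaces than the device supports")
    gw, dst = ipaddress.ip_address(gateway_a), ipaddress.ip_address(host)
    gw_net = next((n for n in nets if gw in n), None)
    dst_net = next((n for n in nets if dst in n), None)
    if gw_net is None or dst_net is None:
        raise ValueError("address is outside every router LAN subnet")
    if gw_net == dst_net:
        # Same subnet: Gateway A delivers the reply on-link, so the
        # router never sees it (the triangle route).
        return ["gateway_a", "host"]
    # Different subnets: the router is the only path between them.
    return ["gateway_a", "router", "host"]

def firewall_outcome(router_ifaces, gateway_a, host, allow_triangle=False):
    """Simplified model of the router's view of the connection."""
    if "router" in reply_path(router_ifaces, gateway_a, host):
        return "ESTABLISHED"          # reply seen, session acknowledged
    if allow_triangle:
        return "BYPASSES_FIREWALL"    # works, but WAN traffic is uninspected
    return "RESET"                    # SYN seen, reply never seen

def audit(router_ifaces, gateway_a, hosts, allow_triangle=False):
    """Map each LAN host to the outcome of an outbound connection."""
    return {h: firewall_outcome(router_ifaces, gateway_a, h, allow_triangle)
            for h in hosts}

# Constructed sample addressing (not from the guide).
FLAT = ["192.168.1.1/24"]                       # LAN and Gateway A share a subnet
ALIASED = ["192.168.1.1/24", "192.168.2.1/24"]  # Subnet 1 = LAN, Subnet 2 = Gateway A

if __name__ == "__main__":
    print(audit(FLAT, "192.168.1.254", ["192.168.1.33"]))
    print(audit(ALIASED, "192.168.2.254", ["192.168.1.33", "192.168.2.50"]))
```

A host left in Gateway A's subnet after the IP alias change still shows `RESET`, which is the case to look for when auditing an address plan.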