ZyWALL 5/35/70 Series User’s Guide
149 Chapter 7 WAN Screens
7.13 Traffic Redirect
Traffic redirect forwards WAN traffic to a backup gateway when the ZyWALL cannot connect
to the Internet through its normal gateway. Connect the backup gateway on the WAN so that
the ZyWALL still provides firewall protection.
Figure 58 Traffic Redirect WAN Setup
The following network topology allows you to avoid triangle route security issues (see
Appendix I on page 718) when the backup gateway is connected to the LAN or DMZ. Use IP
alias to configure the LAN into two or three logical networks with the ZyWALL itself as the
gateway for each LAN network. Put the protected LAN in one subnet (Subnet 1 in the
following figure) and the backup gateway in another subnet (Subnet 2). Configure a LAN to
LAN/ZyWALL firewall rule that forwards packets from the protected LAN (Subnet 1) to the
backup gateway (Subnet 2).
The following network topology allows you to avoid triangle route security issues (see
Appendix I on page 718) when the backup gateway is connected to the LAN or DMZ. Use IP
alias to configure the LAN into two or three logical networks with the ZyWALL itself as the
gateway for each LAN network. Put the protected LAN in one subnet (Subnet 1 in the
following figure) and the backup gateway in another subnet (Subnet 2). Configure a LAN to
LAN/ZyWALL firewall rule that forwards packets from the protected LAN (Subnet 1) to the
backup gateway (Subnet 2).
