Page 276 / 285
Scroll up to view Page 271 - 275
Prestige 324 Intelligent Broadband Sharing Gateway
32
Triangle Route
Appendix J
Triangle Route
The Ideal Setup
When the firewall is on, your Prestige acts as a secure gateway between your LAN and the Internet. In an
ideal network topology, all incoming and outgoing network traffic passes through the Prestige to protect
your LAN against attacks.
Diagram 10 Ideal Setup
The “Triangle Route” Problem
A traffic route is a path for sending or receiving data packets between two Ethernet devices. Some
companies have more than one alternate route to one or more ISPs. If the LAN and ISP(s) are in the same
subnet, the “triangle route” problem may occur. The steps below describe the “triangle route” problem.
Step 1.
A computer on the LAN initiates a connection by sending out a SYN packet to a receiving
server on the WAN.
Step 2.
The Prestige reroutes the SYN packet through Gateway
B
on the LAN to the WAN.
Step 3.
The reply from the WAN goes directly to the computer on the LAN without going through the
Prestige.
As a result, the Prestige resets the connection, as the connection has not been acknowledged.
Page 277 / 285
Triangle Route
33
Diagram 11 “Triangle Route” Problem
The “Triangle Route” Solutions
This section presents you two solutions to the “triangle route” problem.
IP Aliasing
IP alias allows you to partition your network into logical sections over the same Ethernet interface. Your
Prestige supports up to three logical LAN interfaces with the Prestige being the gateway for each logical
network. By putting your LAN and Gateway
B
in different subnets, all returning network traffic must pass
through the Prestige to your LAN. The following steps describe such a scenario.
Step 1.
A computer on the LAN initiates a connection by sending a
SYN packet to a receiving server
on the WAN.
Step 2.
The Prestige
reroutes the packet to Gateway
B
which is in Subnet 2.
Step 3.
The reply from WAN goes through the Prestige to the computer on the LAN in Subnet 1.
Page 278 / 285
Prestige 324 Intelligent Broadband Sharing Gateway
34
Triangle Route
Diagram 12 IP Alias
Gateways on the WAN Side
A second solution to the “triangle route” problem is to put all of your network gateways on the WAN side
as the following figure shows. This ensures that all incoming network traffic passes through your Prestige
to your LAN. Therefore your LAN is protected.
Diagram 13 Gateways on the WAN Side
How To Configure Triangle Route:
Step 1.
From the SMT main menu, enter 24.
Page 279 / 285
Triangle Route
35
Step 2.
Enter “8” in menu 24 to enter CI command mode.
Step 3.
Use the following commands to allow/disallow triangle route.
sys firewall ignore triangle all
off
This command allows triangle route.
sys firewall ignore triangle all on
This command disallows triangle route.
19216811.live