Allow Asymmetrical Route not working
So I was do some testing and testing new setup and I think I found that Allow Asymmetrical Route with my setup don't work. On top of that there are two new ideas I have one is a check box per Policy Control rule to allow Asymmetrical Route. TCP Symmetrical Route works well and I don't want fixing Asymmetrical Route to break TCP Symmetrical Route what I call TCP on SYN which was broken when the USG40 came out and flagged that up and was fixed.
So here is the setup
https://us.v-cdn.net/6029482/uploads/editor/47/fyu7ipp2kmkj.png
In short Symmetrical Route cares for TCP handshake and Asymmetrical Route should not care about TCP handshake.
Comments
-
Hi @PeterUK
The Asymmetrical route function for TCP traffic is only support when incoming and outgoing traffic are belonging to same interface.
But in your scenario, the traffic already separate to 2 devices.
Packet direction of three handshake:
SYN: PC -> ZyWALL110 -> USG40 -> Server
SYN, ACK: Server -> USG40 -> PC
ACK: PC -> ZyWALL110 -> USG40 -> Server
The TCP session will only generate after three handshake progress is completely.
But it doesn’t complete on ZyWALL110, so session did not created on ZyWALL110.
So the data is unable pass to ZyWALL110 continually.
And it is the reason that ICMP/ UDP traffic without routing issue.
0 -
Zyxel_Stanley said:
Hi @PeterUK
The Asymmetrical route function for TCP traffic is only support when incoming and outgoing traffic are belonging to same interface.
True Asymmetrical route should not need the handshake and if you turn off the firewall on ZyWALL 110 TCP works but it should work when Allow Asymmetrical Route is enabled.Or to put another way how do I keep ZyWALL110 firewall on and make TCP work in this setup if not its not Asymmetrical route ?
0 -
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 218 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 245 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3.1K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight