ZyXEL 35 Guía Del Usuario
ZyWALL 35 Support Notes
All contents copyright (c) 2006 ZyXEL Communications Corporation.
296
D14. In ZyWALL, is DMZ behind NAT or not?
Basically DMZ is behind NAT. But there is one exception. If you use Full Feature as NAT type, and there
is no NAT mapping for systems on DMZ. Then NAT will not take effect in this case.
D15. Can I use both public and private IP addresses on DMZ?
•
Yes, you can. To achieve this, you have to use IP alias to separate the DMZ interface into 2
logical segments, one for private IP, and the other for public IP.
•
Then you have to use Full Feature as NAT type in Menu 4.
•
Set NAT mapping for private IP addresses in Menu 15.1.
•
Note that in this case, NAT will not take care of IP addresses without NAT mapping. So private IP
address could be sent out by ZyWALL due to users’ incaution.
D16. Why does traffic redirect/static/policy route be blocked by ZyWALL?
ZyWALL is an ideal secure gateway for all data passing between the Internet and the LAN/DMZ. For
some reasons (load balance or backup line), users may want traffic to be re-routed to another Internet
access devices while still be protected by ZyWALL. In such case, the network topology is the most
important issue. Here is a common example that people mis-deploy the LAN traffic redirect and static
route.