Figure 472 backup gateway, Managing the bandwidth of vpn traffic – ZyXEL Communications ZyXEL ZyWALL 2WG User Manual

Appendix I Command Interpreter

ZyWALL 2WG User’s Guide

705

is on and set to force updates, the ZyWALL receives the gratuitous ARP request and updates
its ARP table. This way the ZyWALL has a correct gateway ARP entry to forward packets
through the backup gateway. If ackGratuitous is off or not set to force updates, the ZyWALL
will not update the gateway ARP entry and cannot forward packets through gateway B.

Figure 472 Backup Gateway

Updating the ARP entries could increase the danger of spoofing attacks. It is only
recommended that you turn on ackGratuitous and force update if you need it like in the
previous backup gateway example. Turning on the force updates option is more dangerous
than leaving it off because the ZyWALL updates the ARP table even when there is an existing
entry.

Managing the Bandwidth of VPN Traffic

By default the ZyWALL uses the inner source and destination IP addresses of VPN packets in
managing the bandwidth of the VPN traffic. This means that it looks at the IP address of the
computer that sent the packets and the IP address of the computer to which it is sending the
packets. The following figure shows an example of this. The ZyWALL uses the IP addresses
of computers A and B to manage the bandwidth of the VPN traffic for their respective IPSec
SA.

Syntax:

bm vpnTraffic [on|off]