Chapter 13 Policy and Static Routes

following twelve DSCP encodings from AF11 through AF43. The decimal equivalent is listed in brackets.

Table 80 Assured Forwarding (AF) Behavior Group

                          Class 1     Class 2     Class 3     Class 4
Low Drop Precedence       AF11 (10)   AF21 (18)   AF31 (26)   AF41 (34)
Medium Drop Precedence    AF12 (12)   AF22 (20)   AF32 (28)   AF42 (36)
High Drop Precedence      AF13 (14)   AF23 (22)   AF33 (30)   AF43 (38)

Port Triggering

Some services use a dedicated range of ports on the client side and a dedicated range of ports on the server side. With regular port forwarding, you set the port(s) and IP address to forward a service (coming in from the remote server) to a client computer. The problem is that port forwarding only forwards a service to a single IP address. In order to use the same service on a different computer, you have to manually replace the client computer's IP address with another client computer's IP address.

Port triggering allows the client computer to take turns using a service dynamically. Whenever a client computer’s packets match the routing policy, it can use the pre-defined port triggering setting to connect to the remote server without manually configuring a port forwarding rule for each client computer.

Port triggering is used especially when the remote server responds using a different port from the port the client computer used to request a service. The ZyWALL records the IP address of a client computer that sends traffic to a remote server to request a service (incoming service). When the ZyWALL receives a new connection (trigger service) from the remote server, the ZyWALL forwards the traffic to the IP address of the client computer that sent the request.

In the following example, you configure two services for port triggering:

Incoming service: Game (UDP: 1234)

Trigger service: Game-1 (UDP: 5670-5678)

1. Computer A wants to play a multiplayer online game and tries to connect to game server 1 using port 1234. The ZyWALL records the IP address of computer A when the packets match a policy with SNAT configured.

2. Game server 1 responds using a port number ranging between 5670 - 5678. The ZyWALL allows and forwards the traffic to computer A.
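A small model of the two steps above, added here as an example and not taken from the ZyWALL firmware: it shows that the trigger range stays closed until a LAN client matches the incoming service, and that the most recent client holds the forwarding. The addresses, the 60-second timeout and the check that only the contacted server may use the trigger range are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Services from the guide's example; the timeout is an assumed value.
INCOMING = ("udp", range(1234, 1235))   # Game
TRIGGER = ("udp", range(5670, 5679))    # Game-1
TRIGGER_TIMEOUT = 60                    # seconds (assumption)

@dataclass
class PortTrigger:
    lan: ipaddress.IPv4Network
    client: Optional[str] = None   # LAN host currently holding the trigger
    server: Optional[str] = None   # remote server that client contacted
    expires: float = 0.0

    def outbound(self, src, dst, proto, dport, now):
        """LAN to WAN: a match on the incoming service records the client."""
        if (ipaddress.ip_address(src) in self.lan
                and proto == INCOMING[0] and dport in INCOMING[1]):
            self.client, self.server = src, dst
            self.expires = now + TRIGGER_TIMEOUT

    def inbound(self, src, proto, dport, now):
        """WAN to LAN: return the LAN IP to forward to, or None to drop."""
        if proto != TRIGGER[0] or dport not in TRIGGER[1]:
            return None                      # not the trigger service
        if self.client is None or now >= self.expires:
            return None                      # no active trigger
        if src != self.server:
            return None                      # assumption: contacted server only
        return self.client

def demo():
    """Constructed traffic: computers A (.33) and B (.34), game server 203.0.113.10."""
    pt = PortTrigger(ipaddress.ip_network("192.168.1.0/24"))
    srv, out = "203.0.113.10", []
    out.append(pt.inbound(srv, "udp", 5670, now=0))             # nothing triggered yet
    pt.outbound("192.168.1.33", srv, "udp", 1234, now=1)        # A requests the game
    out.append(pt.inbound(srv, "udp", 5675, now=2))             # forwarded to A
    out.append(pt.inbound("198.51.100.7", "udp", 5675, now=2))  # unrelated host
    out.append(pt.inbound(srv, "udp", 5679, now=2))             # outside 5670-5678
    pt.outbound("192.168.1.34", srv, "udp", 1234, now=10)       # B takes its turn
    out.append(pt.inbound(srv, "udp", 5670, now=11))            # forwarded to B
    out.append(pt.inbound(srv, "udp", 5670, now=70))            # trigger expired
    return out

if __name__ == "__main__":
    print(demo())
```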


 

ZyWALL USG 50 User’s Guide