Network Planning for Multiple WAN Ports
636
ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv3
Note: Load balancing is implemented for outgoing traffic and not for
incoming traffic. To maintain better control of WAN port traffic,
consider making one of the WAN port Internet addresses public and to
keep the other one private.
Figure 18. Inbound traffic to a dual WAN port system in load balancing mode
Planning for Virtual Private Networks
The following sections provide information about planning for VPN:
• VPN Telecommuter - Client-to-Gateway
• VPN Gateway-to-Gateway
• VPN Telecommuter - Client-to-Gateway Through a NAT Router
When implementing virtual private network (VPN) tunnels, you must use a mechanism for
determining the IP addresses of the tunnel endpoints. The addressing of the firewall’s WAN
ports in a dual WAN port auto-rollover or load balancing configuration depends on the
configuration being implemented.
Table 12. IP addressing requirements for VPNs in a dual WAN port configuration
Configuration and WAN IP Address Single WAN Port
Configurations
(Reference Cases)
Dual WAN Port Configurations
Rollover Mode
a
a. After a rollover, all tunnels must be reestablished using the new WAN IP address.
Load Balancing Mode
VPN Telecommuter -
Client-to-Gateway
Fixed Allowed
(FQDN optional)
FQDN required Allowed
(FQDN optional)
Dynamic FQDN required FQDN required FQDN required
VPN Gateway-to-Gateway
Fixed Allowed
(FQDN optional)
FQDN required Allowed
(FQDN optional)
Dynamic FQDN required FQDN required FQDN required
VPN Telecommuter -
Client-to-Gateway Through
a NAT Router
Fixed Allowed
(FQDN optional)
FQDN required Allowed
(FQDN optional)
Dynamic FQDN required FQDN required FQDN required
To Next Page
Loading...
