ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual
Network Planning for Multiple WAN Ports B-7
v1.0, April 2010
• Dual WAN ports in load balancing mode. Load balancing for a VPN firewall with dual
WAN ports is similar to a single WAN gateway configuration when you specify the IP address.
Each IP address is either fixed or dynamic based on the ISP: You must use FQDNs when the
IP address is dynamic, but FQDNs are optional when the IP address is static.
Inbound Traffic
Incoming traffic from the Internet is normally discarded by the VPN firewall unless the traffic is a
response to one of your local computers or a service for which you have configured an inbound
rule. Instead of discarding this traffic, you can configure the VPN firewall to forward it to one or
more LAN hosts on your network.
The addressing of the VPN firewall’s dual WAN port depends on the configuration being
implemented.
Inbound Traffic to a Single WAN Port System
The Internet IP address of the VPN firewall’s WAN port must be known to the public so that the
public can send incoming traffic to the exposed host when this feature is supported and enabled.
Figure B-3
Table B-1. IP Addressing Requirements for Exposed Hosts in a Dual WAN Port
Configuration
Configuration and
WAN IP address
Single WAN Port
(Reference Case)
Dual WAN Port Cases
Rollover Load Balancing
Inbound traffic
• Port forwarding
• Port triggering
Fixed Allowed
(FQDN optional)
FQDN required Allowed
(FQDN optional)
Dynamic FQDN required FQDN required FQDN required
To Next Page
Loading...
