ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual
Network Planning for Multiple WAN Ports B-9
v1.0, April 2010
Virtual Private Networks
When implementing virtual private network (VPN) tunnels, you must use a mechanism for
determining the IP addresses of the tunnel endpoints. The addressing of the firewall’s WAN ports
in a dual WAN port auto-rollover or load balancing configuration depends on the configuration
being implemented.
Note: Load balancing is implemented for outgoing traffic and not for incoming traffic.
Consider making one of the WAN port Internet addresses public and keeping the
other one private in order to maintain better control of WAN port traffic.
Figure B-6
Table B-2. IP Addressing Requirements for VPNs in a Dual WAN Port Configuration
Configuration                  WAN IP    Single WAN Port     Dual WAN Port Configurations
                               address   Configurations      Rollover Mode (a)   Load Balancing Mode
                                         (Reference Cases)
-----------------------------  --------  ------------------  ------------------  -------------------
“VPN Road Warrior              Fixed     Allowed             FQDN required       Allowed
(Client-to-Gateway)”                     (FQDN optional)                         (FQDN optional)
                               Dynamic   FQDN required       FQDN required       FQDN required

“VPN Gateway-to-Gateway”       Fixed     Allowed             FQDN required       Allowed
                                         (FQDN optional)                         (FQDN optional)
                               Dynamic   FQDN required       FQDN required       FQDN required

“VPN Telecommuter              Fixed     Allowed             FQDN required       Allowed
(Client-to-Gateway through               (FQDN optional)                         (FQDN optional)
a NAT Router)”                 Dynamic   FQDN required       FQDN required       FQDN required

a. All tunnels must be reestablished after a rollover using the new WAN IP address.