ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual
2-16 Connecting the VPN Firewall to the Internet
v1.0, April 2010
Configuring the WAN Mode
The VPN firewall can be configured on a mutually exclusive basis for either auto-rollover (for 
increased system reliability) or load balancing (for maximum bandwidth efficiency). If you do not 
select load balancing, you need to specify one WAN interface as the primary interface.
• Load balancing mode. The VPN firewall distributes the outbound traffic equally among the 
WAN interfaces that are functional. You can configure up to four WAN interfaces. The VPN 
firewall supports weighted load balancing and round-robin load balancing (see “Configuring 
Load Balancing and Optional Protocol Binding” on page 2-21).
• Primary WAN mode. The selected WAN interface is made the primary interface. The other 
three interfaces are disabled.
• Auto-rollover mode. The selected WAN interface is defined as the primary link, and another 
interface must be defined as the rollover link. The remaining two interfaces are disabled. As 
long as the primary link is up, all traffic is sent over the primary link. When the primary link 
goes down, the rollover link is brought up to send the traffic. When the primary link comes 
back up, traffic automatically rolls back to the original primary link.
If you want to use a redundant ISP link for backup purposes, select the WAN port that must act 
as the primary link for this mode. Ensure that the backup WAN port has also been configured 
and that you configure the WAN failure detection method on the WAN Advanced Options 
screen to support auto-rollover (see “Configuring the Auto-Rollover Mode and Failure 
Detection Method” on page 2-18).
Whichever WAN mode you select, you must also select either NAT or classical routing, as 
explained in the following sections.
Configuring Network Address Translation
Network Address Translation (NAT) allows all PCs on your LAN to share a single public Internet 
IP address. From the Internet, there is only a single device (the VPN firewall) and a single IP 
address. PCs on your LAN can use any private IP address range, and these IP addresses are not 
visible from the Internet.
Note: Scenarios could arise in which load balancing needs to be bypassed for certain 
traffic or applications. If certain traffic needs to travel on a specific WAN 
interface, configure protocol binding rules for that WAN interface. Each rule 
should match the desired traffic.
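The following Python model is an added example, not NETGEAR code or firmware logic. It shows which WAN interface a new outbound flow uses under the three WAN modes described above, including the protocol binding bypass from the note and the roll-back to the primary link in auto-rollover mode. The class and method names, the (protocol, destination port) binding key, and the choice to return None when a bound or primary link is down are assumptions; only round-robin load balancing is modeled, not weighted.

```python
from itertools import count

WANS = ("WAN1", "WAN2", "WAN3", "WAN4")

class WanSelector:
    """Toy model of the three WAN modes; not the device's implementation."""

    def __init__(self, mode, primary=None, rollover=None, bindings=None):
        self.mode = mode                    # "load_balancing" | "primary" | "auto_rollover"
        self.primary = primary
        self.rollover = rollover
        self.bindings = bindings or {}      # hypothetical rule table: (proto, dst_port) -> WAN
        self.up = {w: True for w in WANS}   # link state as reported by failure detection
        self._rr = count()

    def enabled(self):
        """Interfaces the selected mode leaves enabled; all others are disabled."""
        if self.mode == "load_balancing":
            return list(WANS)
        if self.mode == "primary":
            return [self.primary]
        return [self.primary, self.rollover]

    def egress(self, proto, dst_port):
        """Return the WAN interface for a new outbound flow, or None if none is usable."""
        if self.mode == "load_balancing":
            bound = self.bindings.get((proto, dst_port))
            if bound is not None:
                # Assumption: bound traffic is not moved to another WAN when its link is down.
                return bound if self.up[bound] else None
            live = [w for w in WANS if self.up[w]]
            return live[next(self._rr) % len(live)] if live else None
        if self.mode == "primary":
            return self.primary if self.up[self.primary] else None
        # auto_rollover: primary whenever it is up, rollover link otherwise
        if self.up[self.primary]:
            return self.primary
        return self.rollover if self.up[self.rollover] else None

def demo_rollover():
    """Primary fails, then recovers: traffic moves to the rollover link and back."""
    s = WanSelector("auto_rollover", primary="WAN1", rollover="WAN3")
    path = [s.egress("tcp", 443)]
    s.up["WAN1"] = False
    path.append(s.egress("tcp", 443))
    s.up["WAN1"] = True
    path.append(s.egress("tcp", 443))
    return path
```
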