ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual
Connecting the VPN Firewall to the Internet 2-21
v1.0, April 2010
5. Click Apply to save your settings.
You can configure the VPN firewall to generate a WAN status log and email this log to a specified
address (see “Activating Notification of Events, Alerts, and Syslogs” on page 9-5).
Configuring Load Balancing and Optional Protocol Binding
To use multiple ISP links simultaneously, configure load balancing. In load balancing mode, any
WAN port carries any outbound protocol unless protocol binding is configured.
When a protocol is bound to a particular WAN port, all outgoing traffic of that protocol is directed
to the bound WAN port. For example, if the HTTPS protocol is bound to the WAN1 port and the
FTP protocol is bound to the WAN2 port, then the VPN firewall automatically routes all outbound
HTTPS traffic from the computers on the LAN through the WAN1 port. All outbound FTP traffic
is routed through the WAN2 port.
Protocol binding addresses two issues:
• Segregation of traffic between links that are not of the same speed.
High-volume traffic can be routed through the WAN port connected to a high-speed link, and
low-volume traffic can be routed through the WAN port connected to the low-speed link.
• Continuity of source IP address for secure connections.
Some services, particularly HTTPS, cease to respond when a client’s source IP address
changes shortly after a session has been established.
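The following sketch models the behavior described above and checks which services can reach a remote server from more than one source IP address. It is an added example, not code from the manual or from NETGEAR; the round-robin spread of unbound traffic, the sample addresses, and the names WanSelector, source_ips_seen, and audit are assumptions made for illustration.

```python
from itertools import cycle

# Constructed sample data: one public source address per WAN port
# (documentation-range addresses, not taken from the manual).
WAN_ADDRS = {"WAN1": "198.51.100.10", "WAN2": "203.0.113.20",
             "WAN3": "192.0.2.30", "WAN4": "192.0.2.40"}

# Service name -> well-known destination port.
SERVICES = {"HTTPS": 443, "FTP": 21, "HTTP": 80}


class WanSelector:
    """Pick the outbound WAN port for each new connection."""

    def __init__(self, bindings=None):
        # bindings maps a service name to a WAN port, e.g. {"HTTPS": "WAN1"}.
        self.bound = {SERVICES[s]: wan for s, wan in (bindings or {}).items()}
        # Assumption: unbound traffic is spread round-robin across all ports.
        self._rr = cycle(sorted(WAN_ADDRS))

    def select(self, dst_port):
        # A bound protocol always uses its WAN port; anything else is balanced.
        wan = self.bound.get(dst_port)
        return wan if wan is not None else next(self._rr)


def source_ips_seen(selector, dst_port, connections):
    """Source addresses a remote server observes over N new connections."""
    return {WAN_ADDRS[selector.select(dst_port)] for _ in range(connections)}


def audit(selector, sensitive=("HTTPS",), connections=8):
    """List the sensitive services that can leave via more than one source IP."""
    return [s for s in sensitive
            if len(source_ips_seen(selector, SERVICES[s], connections)) > 1]


if __name__ == "__main__":
    unbound = WanSelector()
    bound = WanSelector({"HTTPS": "WAN1", "FTP": "WAN2"})
    print("no binding, services with changing source IP:", audit(unbound))
    print("with binding, services with changing source IP:", audit(bound))
    print("HTTPS source IPs with binding:", source_ips_seen(bound, 443, 8))
```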
Table 2-5. Failure Detection Method Settings (continued)

Setting              Description (or Subfield and Description)

Ping                 Pings are sent to a server with a public IP address. This server should not
                     reject the ping request and should not consider ping traffic to be abusive.

  IP Address         The IP address of the ping server.

Retry Interval is    The retry interval in seconds. The DNS query or ping is sent periodically
                     after every test period. The default test period is 30 seconds.

Failover after       The number of failover attempts. The primary WAN interface is considered
                     down after the specified number of queries have failed to elicit a reply.
                     The backup interface is brought up after this situation has occurred. The
                     failover default is 4 failures.

                     Note: The default time to roll over after the primary WAN interface fails
                     is 2 minutes. The minimum test period is 30 seconds, and the minimum number
                     of tests is 4.