Virtual Private Networking Using IPSec Connections
ProSecure Unified Threat Management (UTM) Appliance
The use of fully qualified domain names (FQDNs) in VPN policies is mandatory when the
WAN ports function in auto-rollover mode or load balancing mode, and is also required for
VPN tunnel failover. When the WAN ports function in load balancing mode, you cannot
configure VPN tunnel failover. An FQDN is optional when the WAN ports function in load
balancing mode if the IP addresses are static, but mandatory if the WAN IP addresses are
dynamic.
See Virtual Private Networks on page 563 for more information about the IP addressing
requirements for VPNs in the dual WAN modes.
For information about how to select and configure a Dynamic DNS service for resolving
FQDNs, see Configure Dynamic DNS on page 87. For information about WAN mode
configuration, see Configure the WAN Mode on page 75.
The following diagrams and table show how the WAN mode selection relates to VPN
configuration.
Figure 134.
Figure 135.
The following table summarizes the WAN addressing requirements (FQDN or IP address) for
a VPN tunnel in either dual WAN mode.
Table 54. IP addressing for VPNs in dual WAN port systems
Configuration and WAN IP address                   Rollover mode (a)    Load balancing mode
VPN Road Warrior (client to gateway)    Fixed      FQDN required        FQDN Allowed (optional)
                                        Dynamic    FQDN required        FQDN required
[Diagram: Multiple WAN Port Model, WAN auto-rollover: FQDN required for VPN. UTM rollover control sits between the UTM WAN port functions and the WAN 1 and WAN 2 ports to the Internet. Same FQDN required for both WAN ports.]
[Diagram: Multiple WAN Port Model, WAN load balancing: FQDN optional for VPN. Load balancing control sits between the UTM WAN port functions and the WAN 1 and WAN 2 ports to the Internet. FQDN required for dynamic IP addresses; FQDN optional for static IP addresses.]