Network Planning for Dual WAN Ports (Multiple WAN Port Models Only)
564
ProSecure Unified Threat Management (UTM) Appliance
the IP address of the VPN tunnel endpoint. Only one WAN port is active at a time, and
when it rolls over, the IP address of the active WAN port always changes. Therefore, the
use of an FQDN is always required, even when the IP address of each WAN port is fixed.
Note: When the UTM’s WAN port rolls over, the VPN tunnel collapses and
need to be reestablished using the new WAN IP address. However,
you can configure automatic IPSec VPN rollover to ensure that an
IPSec VPN tunnel is reestablished.
Figure 331.
• Dual WAN ports in load balancing mode. A dual WAN port load balancing gateway
configuration is the same as a single WAN port configuration when you specify the IP
address of the VPN tunnel endpoint. Each IP address is either fixed or dynamic based on
the ISP: You need to use FQDNs when the IP address is dynamic, and FQDNs are
optional when the IP address is static.
Figure 332.
VPN Road Warrior (Client-to-Gateway)
The following situations exemplify the requirements for a remote PC client with no firewall to
establish a VPN tunnel with a gateway VPN firewall such as an UTM:
• Single-gateway WAN port
• Redundant dual-gateway WAN ports for increased reliability (before and after rollover)
• Dual-gateway WAN ports for load balancing
To Next Page
Loading...
Need help?
General
