Quick Reference Guide
ProSafe VPN Firewall 200 FVX538 Reference Manual
Network Planning for Dual WAN Ports B-9
v1.0, January 2010
Inbound Traffic: Dual WAN Ports for Load Balancing
In the dual WAN port case for load balancing, the Internet address of each WAN port is either
fixed if the IP address is fixed or a fully-qualified domain name if the IP address is dynamic.
Virtual Private Networks (VPNs)
When implementing virtual private network (VPN) tunnels, a mechanism must be used for
determining the IP addresses of the tunnel end points. The addressing of the VPN firewall’s dual
WAN port depends on the configuration being implemented:
Note: Load balancing is implemented for outgoing traffic and not for incoming traffic.
Consider making one of the WAN port Internet addresses public and keeping the
other one private in order to maintain better control of WAN port traffic.
Figure B-6
Table B-2. IP Addressing Requirements for VPNs in Dual WAN Port Systems
Configuration and WAN IP address
Single WAN Port
(reference case)
Dual WAN Port Cases
Rollover
a
Load Balancing
VPN Road Warrior
(client-to-gateway)
Fixed Allowed
(FQDN optional)
FQDN required Allowed
(FQDN optional)
Dynamic FQDN required FQDN required FQDN required
VPN Gateway-to-Gateway Fixed Allowed
(FQDN optional)
FQDN required Allowed
(FQDN optional)
Dynamic FQDN required FQDN required FQDN required