Specifications
Virtual Private Networking Using IPSec Connections
135
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
Figure 74.
Figure 75.
The following table summarizes the WAN addressing requirements (FQDN or IP address) for
a VPN tunnel in either dual WAN mode.
Table 28. IP Addressing for VPNs in Dual WAN Port Systems
Configuration and WAN IP address Rollover mode
a
a. After a rollover, all tunnels need to be reestablished using the new WAN IP address.
Load balancing mode
VPN “Road Warrior”
(client-to-gateway)
Fixed FQDN required FQDN Allowed (optional)
Dynamic FQDN required FQDN required
VPN “Gateway-to-Gateway” Fixed FQDN required FQDN Allowed (optional)
Dynamic FQDN required FQDN required
VPN “Telecommuter”
(client-to-gateway through a
NAT router)
Fixed FQDN required FQDN Allowed (optional)
Dynamic FQDN required FQDN required
Rest of
VPN Firewall
Functions
VPN Firewall
WAN Port
Functions
VPN Firewall
Rollover
Control
VPN Firewall
WAN 1 Port
WAN 2 Port
Internet
Same FQDN required for both WAN ports
WAN Auto-Rollover: FQDN Required for VPN
Rest of
VPN Firewall
Functions
VPN Firewall
WAN Port
Functions
Load
Balancing
Control
VPN Firewall
WAN 1 Port
WAN 2 Port
Internet
FQDN required for dynamic IP addresses
WAN Load Balancing: FQDN Optional for VPN
FQDN optional for static IP addresses