Network Planning for Dual WAN Ports (Multiple WAN Port Models Only)
ProSecure Unified Threat Management (UTM) Appliance
Note: Load balancing is implemented for outgoing traffic and not for
incoming traffic. Consider making one of the WAN port Internet
addresses public and keeping the other one private in order to
maintain better control of WAN port traffic.
Figure 363.
Virtual Private Networks
• VPN Road Warrior (Client-to-Gateway)
• VPN Gateway-to-Gateway
• VPN Telecommuter (Client-to-Gateway through a NAT Router)
When implementing virtual private network (VPN) tunnels, you need to use a mechanism for
determining the IP addresses of the tunnel endpoints. The addressing of the firewall’s dual
WAN port depends on the configuration being implemented.
Table 159. IP addressing requirements for VPNs in dual WAN port systems

| Configuration | WAN IP address | Single WAN port configurations (reference cases) | Dual WAN port configurations: Rollover Mode (1) | Dual WAN port configurations: Load balancing mode |
|---|---|---|---|---|
| VPN Road Warrior (Client-to-Gateway) | Fixed | Allowed (FQDN optional) | FQDN required | Allowed (FQDN optional) |
| VPN Road Warrior (Client-to-Gateway) | Dynamic | FQDN required | FQDN required | FQDN required |
| VPN Gateway-to-Gateway | Fixed | Allowed (FQDN optional) | FQDN required | Allowed (FQDN optional) |
| VPN Gateway-to-Gateway | Dynamic | FQDN required | FQDN required | FQDN required |
| VPN Telecommuter (Client-to-Gateway through a NAT Router) | Fixed | Allowed (FQDN optional) | FQDN required | Allowed (FQDN optional) |
| VPN Telecommuter (Client-to-Gateway through a NAT Router) | Dynamic | FQDN required | FQDN required | FQDN required |

1. After a rollover, all tunnels need to be reestablished using the new WAN IP address.