Network Planning for Dual WAN Ports (Multiple WAN Port Models Only)
630
ProSecure Unified Threat Management (UTM) Appliance
For a single WAN gateway configuration, use an FQDN when the IP address is dynamic and
either an FQDN or the IP address itself when the IP address is fixed. The situation is different
in dual WAN port gateway configurations.
• Dual WAN ports in auto-rollover mode. A dual WAN port auto-rollover gateway
configuration is different from a single WAN port gateway configuration when you specify
the IP address of the VPN tunnel endpoint. Only one WAN port is active at a time, and
when it rolls over, the IP address of the active WAN port always changes. Therefore, the
use of an FQDN is always required, even when the IP address of each WAN port is fixed.
Note: When the UTM’s WAN port rolls over, the VPN tunnel collapses and
need to be reestablished using the new WAN IP address. However,
you can configure automatic IPSec VPN rollover to ensure that an
IPSec VPN tunnel is reestablished.
Figure 364.
• Dual WAN ports in load balancing mode. A dual WAN port load balancing gateway
configuration is the same as a single WAN port configuration when you specify the IP
address of the VPN tunnel endpoint. Each IP address is either fixed or dynamic based on
the ISP: You need to use FQDNs when the IP address is dynamic, and FQDNs are
optional when the IP address is static.
Figure 365.
VPN Road Warrior (Client-to-Gateway)
The following situations exemplify the requirements for a remote VPN client with no firewall to
establish a VPN tunnel with a gateway VPN firewall such as an UTM:
• Single-gateway WAN port
• Redundant dual-gateway WAN ports for increased reliability (before and after rollover)
• Dual-gateway WAN ports for load balancing