Network Planning for Dual WAN Ports (Multiple WAN Port Models Only)
ProSecure Unified Threat Management (UTM) Appliance
VPN Road Warrior: Single-Gateway WAN Port (Reference Case)
In a single WAN port gateway configuration, the remote VPN client initiates the VPN tunnel
because the IP address of the remote VPN client is not known in advance. The gateway
WAN port needs to function as the responder.
Figure 366.
The IP address of the gateway WAN port can be either fixed or dynamic. If the IP address is
dynamic, an FQDN needs to be used. If the IP address is fixed, an FQDN is optional.
VPN Road Warrior: Dual-Gateway WAN Ports for Improved Reliability
In a dual WAN port auto-rollover gateway configuration, the remote VPN client initiates the
VPN tunnel with the active WAN port (port WAN1 in the following figure) because the IP
address of the remote VPN client is not known in advance. The gateway WAN port needs to
function as a responder.
Figure 367.
The IP addresses of the WAN ports can be either fixed or dynamic, but you always need to
use an FQDN because the active WAN port could be either WAN1 or WAN2 (that is, the IP
address of the active WAN port is not known in advance).
After a rollover of the WAN port has occurred, the previously inactive gateway WAN port
becomes the active port (port WAN2 in the following figure) and the remote VPN client needs
to reestablish the VPN tunnel. The gateway WAN port needs to function as the responder.
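
The client-side consequence of the rollover described above, as an added example that is not taken from the NETGEAR manual or its VPN client: a road-warrior client tracks the address behind the gateway FQDN and decides when it has to initiate or reestablish the tunnel. The class and function names, `gw.example.com`, and the documentation-range addresses are constructed for illustration, and the example assumes the gateway's DNS record follows the active WAN port after a rollover.

```python
import socket
from typing import Callable, List, Optional, Tuple


def dns_resolve(fqdn: str) -> List[str]:
    """Return the IPv4 addresses the gateway FQDN resolves to ([] on failure)."""
    try:
        infos = socket.getaddrinfo(fqdn, 500, socket.AF_INET, socket.SOCK_DGRAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


class RoadWarriorPeerTracker:
    """Hypothetical helper: the client is always the initiator, the gateway
    WAN port the responder, so every tunnel (re)start begins on this side."""

    def __init__(self, gateway_fqdn: str,
                 resolve: Callable[[str], List[str]] = dns_resolve) -> None:
        self.gateway_fqdn = gateway_fqdn
        self.resolve = resolve
        self.peer_ip: Optional[str] = None  # address of the active WAN port

    def poll(self) -> str:
        addrs = self.resolve(self.gateway_fqdn)
        if not addrs:
            # DNS failure is not proof of a rollover: leave the tunnel alone.
            return "retry"
        if self.peer_ip is None:
            self.peer_ip = addrs[0]
            return "initiate"
        if self.peer_ip in addrs:
            return "keep"
        # The FQDN now points at the other WAN port: the old tunnel is dead.
        self.peer_ip = addrs[0]
        return "reestablish"


def simulate(answers: List[List[str]]) -> List[Tuple[str, Optional[str]]]:
    """Replay constructed DNS answers and record (action, peer) per poll."""
    it = iter(answers)
    tracker = RoadWarriorPeerTracker("gw.example.com", resolve=lambda _: next(it))
    return [(tracker.poll(), tracker.peer_ip) for _ in answers]


if __name__ == "__main__":
    # Constructed sequence: WAN1 active, unchanged, DNS outage, rollover to WAN2.
    wan1, wan2 = "203.0.113.10", "198.51.100.20"
    for step in simulate([[wan1], [wan1], [], [wan2]]):
        print(step)
```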