Filter
Top Products
Network Planning for Dual WAN Ports (Multiple WAN Port Models Only)
633
ProSecure Unified Threat Management (UTM) Appliance
VPN Gateway-to-Gateway
The following situations exemplify the requirements for a gateway VPN firewall such as an
UTM to establish a VPN tunnel with another gateway VPN firewall:
• Single-gateway WAN ports
• Redundant dual-gateway WAN ports for increased reliability (before and after rollover)
• Dual-gateway WAN ports for load balancing
VPN Gateway-to-Gateway: Single-Gateway WAN Ports (Reference Case)
In a configuration with two single WAN port gateways, either gateway WAN port can initiate
the VPN tunnel with the other gateway WAN port because the IP addresses are known in
advance.
Figure 370.
The IP address of the gateway WAN ports can be either fixed or dynamic. If an IP address is
dynamic, you need to use an FQDN. If an IP address is fixed, an FQDN is optional.
VPN Gateway-to-Gateway: Dual-Gateway WAN Ports for Improved Reliability
In a configuration with two dual WAN port VPN gateways that function in auto-rollover mode,
either of the gateway WAN ports at one end can initiate the VPN tunnel with the appropriate
gateway WAN port at the other end as necessary to balance the loads of the gateway WAN
ports because the IP addresses of the WAN ports are known in advance. In this example
(see
the following figure), port WAN_A1 is active and port WAN_A2 is inactive at Gateway A; port
WAN_B1 is active and port WAN_B2 is inactive at Gateway B.