Network Planning for Dual WAN Ports (Multiple WAN Port Models Only)
ProSecure Unified Threat Management (UTM) Appliance
The IP address of the gateway WAN port can be either fixed or dynamic. If the IP address is
dynamic, you need to use an FQDN. If the IP address is fixed, an FQDN is optional.
VPN Telecommuter: Dual-Gateway WAN Ports for Improved Reliability
In a dual WAN port auto-rollover gateway configuration, the remote VPN client initiates the
VPN tunnel with the active gateway WAN port (port WAN1 in the following figure) because
the IP address of the remote NAT router is not known in advance. The gateway WAN port
needs to function as the responder.
Figure 375.
The IP addresses of the gateway WAN ports can be either fixed or dynamic, but you always
need to use an FQDN because the active WAN port could be either WAN1 or WAN2 (that is,
the IP address of the active WAN port is not known in advance).
After a rollover of the WAN port has occurred, the previously inactive gateway WAN port
becomes the active port (port WAN2 in the following figure), and the remote VPN client needs to
reestablish the VPN tunnel. The gateway WAN port needs to function as the responder.
Figure 376.
The purpose of the FQDN is to toggle the domain name of the gateway between the IP
addresses of the active WAN port (that is, WAN1 and WAN2) so that the remote VPN client
can determine the gateway IP address to establish or reestablish a VPN tunnel.
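The following is an added example, not part of the original manual or of any NETGEAR software, sketching the client-side decision the FQDN makes possible: resolve the gateway name, then establish, keep, or reestablish the tunnel depending on whether the answer changed. The FQDN, the addresses, and the optional allow-list check (usable only when both WAN addresses are fixed) are assumptions constructed for illustration.

```python
import socket
from typing import Optional, Sequence, Tuple

def resolve_ipv4(fqdn: str) -> Optional[str]:
    """Return the IPv4 address the gateway FQDN currently resolves to, or None."""
    try:
        infos = socket.getaddrinfo(fqdn, None, socket.AF_INET, socket.SOCK_DGRAM)
    except socket.gaierror:
        return None
    return infos[0][4][0] if infos else None

def next_action(fqdn: str, current_peer: Optional[str],
                known_wan_ips: Sequence[str] = (),
                resolver=resolve_ipv4) -> Tuple[str, Optional[str]]:
    """Decide what the remote VPN client does with its tunnel.

    Returns (action, peer_ip) where action is one of
    'establish', 'keep', 'reestablish' or 'reject'.
    """
    ip = resolver(fqdn)
    if ip is None:
        # Lookup failed: do not tear down a tunnel that may still be working.
        return ("keep", current_peer)
    if known_wan_ips and ip not in known_wan_ips:
        # Assumption: WAN1/WAN2 are fixed and known. An answer outside that
        # set is not a rollover; refuse to send IKE traffic to it.
        return ("reject", current_peer)
    if current_peer is None:
        return ("establish", ip)      # first contact, gateway is the responder
    if ip != current_peer:
        return ("reestablish", ip)    # FQDN toggled to the other WAN port
    return ("keep", current_peer)

def simulate(fqdn: str, answers, known_wan_ips: Sequence[str] = ()):
    """Replay a sequence of DNS answers and record the client's decisions."""
    peer, log = None, []
    for answer in answers:
        action, peer = next_action(fqdn, peer, known_wan_ips,
                                   resolver=lambda _name, a=answer: a)
        log.append((action, peer))
    return log

# Constructed sample data (documentation address ranges, hypothetical FQDN).
FQDN = "utm-gateway.example.com"
WAN1, WAN2 = "192.0.2.10", "198.51.100.20"
ANSWERS = [WAN1, WAN1, None, WAN2, "203.0.113.99", WAN2]

if __name__ == "__main__":
    for step in simulate(FQDN, ANSWERS, known_wan_ips=(WAN1, WAN2)):
        print(step)
```

With dynamic WAN addresses the allow-list cannot be used, so leave `known_wan_ips` empty and rely on the IKE authentication of the gateway to reject an unexpected peer.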