Manually Configure Internet and WAN Settings
81
ProSecure Unified Threat Management (UTM) Appliance
WAN interfaces, the remaining interfaces are disabled. As long as the primary link is up,
all traffic is sent over the primary link. When the primary link goes down, the rollover link
is brought up to send the traffic. When the primary link comes back up, traffic
automatically rolls back to the original primary link.
If you want to use a redundant ISP link for backup purposes, select the WAN interface
that needs to function as the primary link for this mode. Ensure that the backup WAN
interface has also been configured and that you configure the WAN failure detection
method on the WAN Advanced Options screen to support auto-rollover (see Configure
Auto-Rollover Mode and the Failure Detection Method (Multiple WAN Port Models) on
page 82).
Whichever WAN mode you select for the multiple WAN port models, you also need to select
either NAT or classical routing, as explained in the following sections.
Note: NAT and classical routing also apply to the single WAN port models.
WARNING:
When you change the WAN mode, the WAN interface or interfaces
restart. If you change from primary WAN mode to load balancing
mode, or the other way around, the interface through which you
can access the UTM might change. Take note of the IP addresses
of the interfaces before you change the WAN mode.
Configure Network Address Translation (All Models)
Network Address Translation (NAT) allows all computers on your LAN to share a single public
Internet IP address. From the Internet, there is only a single device (the UTM) and a single IP
address. Computers on your LAN can use any private IP address range, and these IP
addresses are not visible from the Internet.
Note the following about NAT:
• The UTM uses NAT to select the correct computer (on your LAN) to receive any incoming
data.
• If you have only a single public Internet IP address, you need to use NAT (the default
setting).
• If your ISP has provided you with multiple public IP addresses, you can use one address
as the primary shared address for Internet access by your computers, and you can map
incoming traffic on the other public IP addresses to specific computers on your LAN. This
one-to-one inbound mapping is configured using an inbound firewall rule.