ProSafe VPN Firewall 200 FVX538 Reference Manual
C-8 Network Planning for Dual WAN Ports
v1.0, August 2006
Inbound Traffic
Incoming traffic from the Internet is normally discarded by the firewall unless the traffic is a
response to one of your local computers or a service that you have configured in the Inbound Rules
menu. Instead of discarding this traffic, you can have it forwarded to one or more LAN hosts on
your network.
The addressing of the firewall’s dual WAN port depends on the configuration being implemented:
Inbound Traffic to Single WAN Port (Reference Case)
The Internet IP address of the firewall’s WAN port must be known to the public so that the public
can send incoming traffic to the exposed host when this feature is supported and enabled.
In the single WAN case (Figure C-4), the WAN’s Internet address is either fixed IP or a fully-
qualified domain name if the IP address is dynamic.
Inbound Traffic to Dual WAN Port Systems
The IP address range of the firewall’s WAN port must be both fixed and public so that the public
can send incoming traffic to the multiple exposed hosts when this feature is supported and enabled.
Table C-1. IP addressing requirements for exposed hosts in dual WAN port systems
Configuration and
WAN IP address
Single WAN Port
(reference case)
Dual WAN Port Cases
Rollover Load Balancing
Inbound traffic
• Port forwarding
• Port triggering
• DMZ port
Fixed Allowed
(FQDN optional)
FQDN required Allowed
(FQDN optional)
Dynamic FQDN required FQDN required FQDN required
Figure C-4
Router
netgear.dyndns.org
WAN IP
IPaddressofWANport:
FQDNisrequiredfordynamicIPaddressandisoptionalforfixedIPaddress