ProSafe VPN Firewall 200 FVX538 Reference Manual
2-10 Connecting the FVX538 to the Internet
v1.0, August 2006
Configuring the WAN Mode (Required for Dual WAN)
The dual WAN ports of the ProSafe VPN Firewall 200 can be configured on a mutually exclusive
basis for either auto-rollover (for increased system reliability) or load balancing (for maximum
bandwidth efficiency).
• Auto-Rollover Mode. In this mode, the selected WAN interface is made primary and the other
is the rollover link. As long as the primary link is up, all traffic is sent over the primary link.
Once the primary WAN interface goes down, the rollover link is brought up to send the
traffic.Traffic will automatically roll back to the original primary link once the original
primary link is back up and running again.
If you want to use a redundant ISP link for backup purposes, select the WAN port that will act
as the primary link for this mode. Ensure that the backup WAN port has also been configured
and that you configure the WAN Failure Detection Method to support Auto-Rollover.
• Load Balancing Mode. In this mode the router distributes the outbound traffic equally among
the WAN interfaces that are functional.
For both alternatives, you must also set up Network Address Translation (NAT):
• NAT. NAT is the technology which allows all PCs on your LAN to share a single Internet IP
address. From the Internet, there is only a single device (the Router) and a single IP address.
PCs on your LAN can use any private IP address range, and these IP addresses are not visible
from the Internet.
– The Router uses NAT to select the correct PC (on your LAN) to receive any incoming
data.
– If you only have a single Internet IP address, you MUST use NAT.
NAT is the default setting.
• Classical Routing. In this mode, the Router performs Routing, but without NAT. To gain
Internet access, each PC on your LAN must have a valid Internet IP address.
Note: Scenarios could arise when load balancing needs to be bypassed for certain
traffic or applications. Here the traffic needs to go on a specific WAN
interface. This is done with the protocol binding rules of that WAN interface.
The rule should match the desired traffic.