NETGEAR FVX538 Network Card User Manual


 
Network Planning Guide for ProSafe VPN Firewall Router FVX538
Network Planning 2-1
October 2004
Chapter 2
Network Planning
This chapter describes the factors to consider when planning a network using a router that has dual
WAN ports.
Overview of the Planning Process
The areas that require planning when using a router that has dual WAN ports include:
Single or multiple exposed hosts
Virtual private networks (VPNs)
The two WAN ports can be configured on a mutually-exclusive basis to either:
Fail over for increased system reliability, or
Balance the load for outgoing traffic
These two categories of considerations interact to make the planning process more challenging.
Single or Multiple Exposed Hosts
Unrequested incoming traffic can be directed to one or more exposed hosts rather than being
discarded. As a result, the IP address of at least one WAN port must always be public.
The mechanism for making the IP address public depends on whether there are single or multiple
exposed hosts and whether the dual WAN ports are configured to either fail over or balance the
loads. See “Single or Multiple Exposed Hosts” on page 2-3 for further discussion.
Note: Exposed hosts are sometimes referred to as DMZ hosts. Unlike hardware-based
DMZ ports, however, exposed hosts are implemented in software and do not enjoy the
same level of firewall protection that hardware-based DMZ ports do. Use the exposed
host feature at your own risk.