NETGEAR SRX5308-100NAS Switch User Manual


 
Network Planning for Multiple WAN Ports (IPv4 Only)
409
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
Features such as multiple exposed hosts are not supported in auto-rollover mode
because the IP addresses of each WAN port need to be in the identical range of fixed
addresses.
Dua
l WAN ports in load balancing mode. Load balancing for a VPN firewall with dual
WAN ports is similar to a single WAN gateway configuration when you specify the IP
address. Each IP address is either fixed or dynamic based on the ISP: You need to use
FQDNs when the IP address is dynamic, but FQDNs are optional when the IP address is
static.
Figure 260.
Inbound Traffic
Inbound Traffic to a Single WAN Port System
Inbound Traffic to a Dual WAN Port System
Incoming traffic from the Internet is normally discarded by the VPN firewall unless the tra
ffic is
a response to one of your local computers or a service for which you have configured an
inbound rule. Instead of discarding this traffic, you can configure the VPN firewall to forward it
to one or more LAN hosts on your network.
The addressing of the VPN firewall’s dual WAN port depends on the configuration being
implemented.
Inbound Traffic to a Single WAN Port System
The Internet IP address of the VPN firewall’s WAN port needs to be known to the public so
that the public can send incoming traffic to the exposed host when this feature is supported
and enabled.
In the single WAN case, the WAN’s Internet address is either a fixed IP address or an FQDN
if the IP address is dynamic.
Table 103. IP addressing requirements for exposed hosts in a dual WAN port configuration
Configuration and
WAN IP Address
Single WAN Port
(Reference Case)
Dual WAN Port Cases
Rollover Load Balancing
Inbound traffic
• Port forwarding
• Port triggering
Fixed Allowed
(FQDN optional)
FQDN required Allowed
(FQDN optional)
Dynamic FQDN required FQDN required FQDN required