Network Planning for Multiple WAN Ports (IPv4 Only)
412
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
• Dual WAN ports in auto-rollover mode. A gateway configuration with dual WAN ports
that function in auto-rollover mode is different from a gateway configuration with a single
WAN port when you specify the IP address of the VPN tunnel endpoint. Only one WAN
port is active at a time, and when it rolls over, the IP address of the active WAN port
always changes. Therefore, the use of an FQDN is always required, even when the IP
address of each WAN port is fixed.
Note: When the VPN firewall’s WAN port rolls over, the VPN tunnel
collapses and needs to be reestablished using the new WAN IP
address. However, you can configure automatic IPSec VPN rollover
to ensure that an IPSec VPN tunnel is reestablished.
Figure 264.
• Dual WAN ports in load balancing mode. A gateway configuration with dual WAN ports
that function in load balancing mode is the same as a single WAN port configuration when
you specify the IP address of the VPN tunnel endpoint. Each IP address is either fixed or
dynamic based on the ISP: You need to use FQDNs when the IP address is dynamic, and
FQDNs are optional when the IP address is static.
Figure 265.
VPN Road Warrior (Client-to-Gateway)
The following situations exemplify the requirements for a remote computer client with no
firewall to establish a VPN tunnel with a gateway VPN firewall:
• Single-gate
way WAN port
• Redund
ant dual-gateway WAN ports for increased reliability (before and after rollover)
• Dual-g
ateway WAN ports for load balancing