Network Planning for Multiple WAN Ports (IPv4 Only)
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
VPN Gateway-to-Gateway
The following situations exemplify the requirements for a gateway VPN firewall to establish a
VPN tunnel with another gateway VPN firewall:
• Single-gateway WAN ports
• Redundant dual-gateway WAN ports for increased reliability (before and after rollover)
• Dual-gateway WAN ports for load balancing
VPN Gateway-to-Gateway: Single-Gateway WAN Ports (Reference Case)
In a configuration with two single WAN port gateways, either gateway WAN port can initiate
the VPN tunnel with the other gateway WAN port because the IP addresses are known in
advance.
Figure 270.
The IP address of the gateway WAN ports can be either fixed or dynamic. If an IP address is
dynamic, you need to use an FQDN. If an IP address is fixed, an FQDN is optional.
VPN Gateway-to-Gateway: Dual-Gateway WAN Ports for Improved Reliability
In a configuration with two dual WAN port VPN gateways that function in auto-rollover mode,
either of the gateway WAN ports at one end can initiate the VPN tunnel with the appropriate
gateway WAN port at the other end as necessary to balance the loads of the gateway WAN
ports because the IP addresses of the WAN ports are known in advance. In this example
(see the following figure), port WAN_A1 is active and port WAN_A2 is inactive at Gateway A;
port WAN_B1 is active and port WAN_B2 is inactive at Gateway B.