Network Planning for Multiple WAN Ports (IPv4 Only)
416
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
Figure 271.
The IP addresses of the gateway WAN ports can be either fixed or dynamic, but you always
need to use an FQDN because the active WAN ports could be either WAN_A1, WAN_A2,
WAN_B1, or WAN_B2 (that is, the IP address of the active WAN ports is not known in
advance).
After a rollover of a gateway WAN port, the previously inactive gateway WAN port becomes
the active port (port WAN_A2 in the following figure), and one of the gateways needs to
reestablish the VPN tunnel.
Figure 272.
The purpose of the FQDNs is to toggle the domain name of the rolled-over gateway between
the IP addresses of the active WAN port (that is, WAN_A1 and WAN_A2 in the previous
figure) so that the other end of the tunnel has a known gateway IP address to establish or
reestablish a VPN tunnel.
VPN Gateway-to-Gateway: Dual-Gateway WAN Ports for Load Balancing
In a configuration with two dual-WAN port VPN gateways that function in load balancing
mode, either of the gateway WAN ports at one end can be programmed in advance to initiate
the VPN tunnel with the appropriate gateway WAN port at the other end as necessary to
manage the loads of the gateway WAN ports because the IP addresses of the WAN ports are
known in advance.