NETGEAR UTM5-100NAS Network Hardware User Manual


 
ProSecure Unified Threat Management (UTM) Appliance Reference Manual
B-6 Network Planning for Dual WAN Ports (Dual-WAN Port Models Only)
v1.0, January 2010
These various types of traffic and auto-rollover or load balancing all interact to make the planning
process more challenging:
Inbound Traffic. Unrequested incoming traffic can be directed to a PC on your LAN rather
than being discarded. The mechanism for making the IP address public depends on whether
the dual WAN ports are configured for auto-rollover or load balancing.
Virtual Private Networks. A virtual private network (VPN) tunnel provides a secure
communication channel either between two gateway VPN firewalls or between a remote PC
client and a gateway VPN firewall. As a result, the IP address of at least one of the tunnel
endpoints must be known in advance in order for the other tunnel endpoint to establish (or
re-establish) the VPN tunnel.
Dual WAN Ports in Auto-Rollover Mode. Rollover for a UTM with dual WAN ports is
different from a single-WAN port gateway configuration when you specify the IP address.
Only one WAN port is active at a time and when it rolls over, the IP address of the active WAN
port always changes. Therefore, the use of a fully qualified domain name (FQDN) is always
required, even when the IP address of each WAN port is fixed.
Features such as multiple exposed hosts are not supported in auto-rollover mode because the
IP addresses of the WAN ports must be in the identical range of fixed addresses.
Note: When the UTM’s WAN port rolls over, the VPN tunnel collapses and must be
re-established using the new WAN IP address. However, you can configure
automatic IPsec VPN rollover to ensure that an IPsec VPN tunnel is re-established.
Figure B-2