NETGEAR FVX538 Overview of the Planning Process, Inbound Traffic, Virtual Private Networks VPNs

ProSafe VPN Firewall 200 FVX538 Reference Manual

Overview of the Planning Process

The areas that require planning when using a firewall that has dual WAN ports include:

•Inbound traffic (e.g., port forwarding, port triggering, DMZ port)

•Virtual private networks (VPNs)

The two WAN ports can be configured on a mutually-exclusive basis to either:

•Rollover for increased reliability, or

•Balance the load for outgoing traffic.

These two categories of considerations interact to make the planning process more challenging.

Inbound Traffic

Unrequested incoming traffic can be directed to a PC on your LAN rather than being discarded. The mechanism for making the IP address public depends on whether the dual WAN ports are configured to either roll over or balance the loads. See “Inbound Traffic” on page C-8for further discussion.

Virtual Private Networks (VPNs)

A virtual private network (VPN) tunnel provides a secure communication channel between either two gateway VPN firewalls or between a remote PC client and gateway VPN firewall. As a result, the IP address of at least one of the tunnel end points must be known in advance in order for the other tunnel end point to establish (or re-establish) the VPN tunnel. See “Virtual Private Networks (VPNs)” on page C-10for further discussion.

Note: Once the gateway firewall WAN port rolls over, the VPN tunnel collapses and must be re-established using the new WAN IP address.

v1.0, August 2006