NETGEAR FVX538, FVX538NA Overview of the Planning Process

ProSafe VPN Firewall 200 FVX538 Reference Manual

C-6 Network Planning for Dual WAN Ports

v1.0, August 2006

Overview of the Planning Process

The areas that require planning when using a firewall that has dual WAN ports include:

• Inbound traffic (e.g., port forwarding, port triggering, DMZ port)

• Virtual private networks (VPNs)

The two WAN ports can be configured on a mutually-exclusive basis to either:

• Rollover for increased reliability, or

• Balance the load for outgoing traffic.

These two categories of considerations interact to make the planning process more challenging.

Unrequested incoming traffic can be directed to a PC on your LAN rather than being discarded.

The mechanism for making the IP address public depends on whether the dual WAN ports are

configured to either roll over or balance the loads. See “Inbound Traffic” on page C-8 for further

discussion.

A virtual private network (VPN) tunnel provides a secure communication channel between either

two gateway VPN firewalls or between a remote PC client and gateway VPN firewall. As a result,

the IP address of at least one of the tunnel end points must be known in advance in order for the

other tunnel end point to establish (or re-establish) the VPN tunnel. See “Virtual Private Networks

(VPNs)” on page C-10 for further discussion.

Note: Once the gateway firewall WAN port rolls over , the VPN tunnel collapses and must

be re-established using the new WAN IP address.