ProSecure Unified Threat Management (UTM) Appliance

Note: Load balancing is implemented for outgoing traffic and not for incoming traffic. Consider making one of the WAN port Internet addresses public and keeping the other one private in order to maintain better control of WAN port traffic.

Figure 363.

Virtual Private Networks

VPN Road Warrior (Client-to-Gateway)

VPN Gateway-to-Gateway

VPN Telecommuter (Client-to-Gateway through a NAT Router)

When implementing virtual private network (VPN) tunnels, you need to use a mechanism for determining the IP addresses of the tunnel endpoints. The addressing of the firewall’s dual WAN port depends on the configuration being implemented.

Table 159. IP addressing requirements for VPNs in dual WAN port systems

| Configuration | WAN IP address | Single WAN port configurations (reference cases) | Dual WAN port configurations: Rollover mode¹ | Dual WAN port configurations: Load balancing mode |
|---|---|---|---|---|
| VPN Road Warrior (Client-to-Gateway) | Fixed | Allowed (FQDN optional) | FQDN required | Allowed (FQDN optional) |
| VPN Road Warrior (Client-to-Gateway) | Dynamic | FQDN required | FQDN required | FQDN required |
| VPN Gateway-to-Gateway | Fixed | Allowed (FQDN optional) | FQDN required | Allowed (FQDN optional) |
| VPN Gateway-to-Gateway | Dynamic | FQDN required | FQDN required | FQDN required |
| VPN Telecommuter (Client-to-Gateway through a NAT Router) | Fixed | Allowed (FQDN optional) | FQDN required | Allowed (FQDN optional) |
| VPN Telecommuter (Client-to-Gateway through a NAT Router) | Dynamic | FQDN required | FQDN required | FQDN required |

1. After a rollover, all tunnels need to be reestablished using the new WAN IP address.
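
The rule in Table 159, applied as an audit over an inventory of VPN endpoints. This is an added example, not from the NETGEAR manual; the record fields, endpoint names, hostnames and addresses are constructed for illustration.

```python
import ipaddress

WAN_MODES = {"single", "rollover", "load_balancing"}
ADDR_TYPES = {"fixed", "dynamic"}

def fqdn_required(wan_mode, addr_type):
    """Table 159: an FQDN is optional only for a fixed address outside rollover mode."""
    if wan_mode not in WAN_MODES or addr_type not in ADDR_TYPES:
        raise ValueError(f"unknown WAN mode/address type: {wan_mode!r}, {addr_type!r}")
    return addr_type == "dynamic" or wan_mode == "rollover"

def is_ip_literal(endpoint_id):
    """True when the endpoint is identified by an IPv4/IPv6 literal, not a name."""
    try:
        ipaddress.ip_address(endpoint_id)
        return True
    except ValueError:
        return False

def audit_endpoints(endpoints):
    """Return (name, reason) for endpoints pinned to an IP where an FQDN is required."""
    findings = []
    for ep in endpoints:
        if not fqdn_required(ep["wan_mode"], ep["addr_type"]):
            continue  # fixed address, single WAN or load balancing: IP literal is allowed
        if is_ip_literal(ep["endpoint_id"]):
            reason = ("WAN address changes after a rollover"
                      if ep["wan_mode"] == "rollover"
                      else "dynamic WAN address can change")
            findings.append((ep["name"], reason))
    return findings

# Constructed inventory (hypothetical names; RFC 5737 addresses, example.com hosts).
SAMPLE_ENDPOINTS = [
    {"name": "hq-single", "wan_mode": "single", "addr_type": "fixed", "endpoint_id": "192.0.2.10"},
    {"name": "hq-rollover", "wan_mode": "rollover", "addr_type": "fixed", "endpoint_id": "192.0.2.20"},
    {"name": "branch-lb", "wan_mode": "load_balancing", "addr_type": "dynamic", "endpoint_id": "203.0.113.7"},
    {"name": "branch-ok", "wan_mode": "rollover", "addr_type": "dynamic", "endpoint_id": "vpn.branch.example.com"},
]

if __name__ == "__main__":
    for name, reason in audit_endpoints(SAMPLE_ENDPOINTS):
        print(f"{name}: use an FQDN ({reason})")
```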

Network Planning for Dual WAN Ports (Multiple WAN Port Models Only)

NETGEAR STM150EW-100NAS, UTM5EW-100NAS manual Virtual Private Networks, 629