ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual
8-2 Router and Network Management
v1.2, June 2008
WAN side: 2000 Mbps (load balancing mode, two WAN ports at 1000 Mbps each) or 1000
Mbps (rollover mode, one active WAN port at 1000 Mbps)
In practice, the WAN side bandwidth capacity will be much lower when DSL or cable modems are
used to connect to the Internet. At 1.5 Mbps, the WAN ports will support the following traffic
rates:
Load balancing mode: 3 Mbps (two WAN ports at 1.5 Mbps each)
Rollover mode: 1.5 Mbps (one active WAN port at 1.5 Mbps)
As a result and depending on the traffic being carried, the WAN side of the firewall will be the
limiting factor to throughput for most installations.
Using the dual WAN ports in load balancing mode increases the bandwidth capacity of the WAN
side of the VPN firewall. But there is no backup in case one of the WAN ports fail. In such an
event and with one exception, the traffic that would have been sent on the failed WAN port gets
diverted to the WAN port that is still working, thus increasing its loading. The exception is traffic
that is bound by protocol to the WAN port that failed. This protocol-bound traffic is not diverted.
Features That Reduce Traffic
Features of the VPN firewall that can be called upon to decrease WAN-side loading are as follows:
Service blocking
Block sites
Source MAC filtering
Service Blocking
You can control specific outbound traffic (from LAN to WAN). Outbound Services lists all
existing rules for outbound traffic. If you have not defined any rules, only the default rule will be
listed. The default rule allows all outgoing traffic.
Each rule lets you specify the desired action for the connections covered by the rule:
•BLOCK always
BLOCK by schedule, otherwise Allow
ALLOW always
Warnin g: This feature is for Advanced Administrators only! Incorrect configuration
will cause serious problems.