ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual
C-16 Network Planning for Dual WAN Ports
v1.2, June 2008
The IP addresses of the gateway WAN ports can be either fixed or dynamic, but a fully-qualified
domain name must always be used because the active WAN ports could be either WAN_A1,
WAN_A2, WAN_B1, or WAN_B2 (i.e., the IP address of the active WAN port is not known in
advance).
After a rollover of a gateway WAN port (FigureC-15), the previously inactive gateway WAN port
becomes the active port (port WAN_A2 in this example) and one of the gateway VPN firewalls
must re-establish the VPN tunnel.
The purpose of the fully-qualified domain names is this case is to toggle the domain name of the
failed-over gateway firewall between the IP addresses of the active WAN port (i.e., WAN_A1 and
WAN _A2 in this example) so that the other end of the tunnel has a known gateway IP address to
establish or re-establish a VPN tunnel.
Figure C-15