Netgear Netgar VPN FIrewall FVS336Gv2 Reference Manual
Here you can view all the pages of manual Netgear Netgar VPN FIrewall FVS336Gv2 Reference Manual. The Netgear manuals for Router are available online for free. You can easily download all the documents as PDF.
Page 631
Network Planning for Multiple WAN Ports 629 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 You can configure two WAN ports on a mutually exclusive basis to do either of the following: •Auto-rollover for increased reliability •Load balance for outgoing traffic These various types of traffic and auto-rollover or load balancing, which are listed below, all interact to make the planning process more challenging: •Inbound traffic. Unrequested incoming traffic can be directed to a computer on your...
Page 632
Network Planning for Multiple WAN Ports 630 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 Figure 15. Dual WAN ports in load balancing mode Planning for Inbound Traffic Incoming traffic from the Internet is normally discarded by the VPN firewall unless the traffic is a response to one of your local computers or a service for which you have configured an inbound rule. Instead of discarding this traffic, you can configure the VPN firewall to forward it to one or more LAN hosts on your...
Page 633
Network Planning for Multiple WAN Ports 631 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 Inbound Traffic to a Single WAN Port System The Internet IP address of the VPN firewall’s WAN port must be known to the public so that the public can send incoming traffic to the exposed host when this feature is supported and enabled. In the single WAN case, the WAN’s Internet address is either a fixed IP address or an FQDN if the IP address is dynamic. Figure 16. Inbound traffic to a single WAN port...
Page 634
Network Planning for Multiple WAN Ports 632 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 Note:Load balancing is implemented for outgoing traffic and not for incoming traffic. To maintain better control of WAN port traffic, consider making one of the WAN port Internet addresses public and to keep the other one private. Figure 18. Inbound traffic to a dual WAN port system in load balancing mode Planning for Virtual Private Networks The following sections provide information about planning...
Page 635
Network Planning for Multiple WAN Ports 633 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 For a single WAN gateway configuration, use an FQDN when the IP address is dynamic and either an FQDN or the IP address itself when the IP address is fixed. The situation is different in dual WAN port gateway configurations. •Dual WAN ports in auto-rollover mode. A gateway configuration with dual WAN ports that function in auto-rollover mode is different from a gateway configuration with a single WAN...
Page 636
Network Planning for Multiple WAN Ports 634 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 VPN Telecommuter - Client-to-Gateway The following situations exemplify the requirements for a remote computer client with no firewall to establish a VPN tunnel with a gateway VPN firewall: •Single-gateway WAN port •Redundant dual-gateway WAN ports for increased reliability (before and after rollover) •Dual-gateway WAN ports for load balancing VPN Telecommuter : Single-Gateway WAN Port - Reference Case...
Page 637
Network Planning for Multiple WAN Ports 635 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 The IP addresses of the WAN ports can be either fixed or dynamic, but you always must use an FQDN because the active WAN port could be either WAN1 or WAN2 (that is, the IP address of the active WAN port is not known in advance). After a rollover of the WAN port occurs, the previously inactive gateway WAN port becomes the active port (port WAN2 in the following figure) and the remote computer client...
Page 638
Network Planning for Multiple WAN Ports 636 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 VPN Gateway-to-Gateway The following situations exemplify the requirements for a gateway VPN firewall to establish a VPN tunnel with another gateway VPN firewall: •Single-gateway WAN ports •Redundant dual-gateway WAN ports for increased reliability (before and after rollover) •Dual-gateway WAN ports for load balancing VPN Gateway-to-Gateway: Single-Gateway WAN Ports - Reference Case In a configuration...
Page 639
Network Planning for Multiple WAN Ports 637 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 Figure 26. Gateway-to-gateway example in a dual WAN port configuration before auto-rollover The IP addresses of the gateway WAN ports can be either fixed or dynamic, but you must always use an FQDN because the active WAN ports could be either WAN_A1, WAN_A2, WAN_B1, or WAN_B2 (that is, the IP address of the active WAN ports is not known in advance). After a rollover of a gateway WAN port, the...
Page 640
Network Planning for Multiple WAN Ports 638 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 Figure 28. Gateway-to-gateway example in a dual WAN port configuration with load balancing The IP addresses of the gateway WAN ports can be either fixed or dynamic. If an IP address is dynamic, you must use an FQDN. If an IP address is fixed, an FQDN is optional. VPN Telecommuter - Client-to-Gateway Through a NAT Router Note:The telecommuter case presumes that the home office has a dynamic IP address...