Quick Reference Guide
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual
8-2 VPN Firewall and Network Management
v1.0, January 2010
In practice, the WAN side bandwidth capacity will be much lower when DSL or cable modems are
used to connect to the Internet. At 1.5 Mbps, the WAN ports will support the following traffic
rates:
• Load balancing mode: 3 Mbps (two WAN ports at 1.5 Mbps each)
• Rollover mode: 1.5 Mbps (one active WAN port at 1.5 Mbps)
As a result and depending on the traffic being carried, the WAN side of the VPN firewall will be
the limiting factor to throughput for most installations.
Using the dual WAN ports in load balancing mode increases the bandwidth capacity of the WAN
side of the VPN firewall. But there is no backup in case one of the WAN ports fail. In such an
event and with one exception, the traffic that would have been sent on the failed WAN port gets
diverted to the WAN port that is still working, thus increasing its loading. The exception is traffic
that is bound by protocol to the WAN port that failed. This protocol-bound traffic is not diverted.
Features That Reduce Traffic
Features of the VPN firewall that can be called upon to decrease WAN-side loading are as follows:
• Service blocking
• Blocking sites
• Source MAC filtering
Service Blocking
You can control specific outbound traffic (from LAN to WAN). The LAN WAN Rules screen lists
all existing rules for outbound traffic. If you have not defined any rules, only the default rule will
be listed. The default rule allows all outgoing traffic. (See “Using Rules to Block or Allow
Specific Kinds of Traffic” on page 4-2 for the procedure on how to use this feature.)
Each rule lets you specify the desired action for the connections covered by the rule:
•BLOCK always
• BLOCK by schedule, otherwise Allow
• ALLOW always
• ALLOW by schedule, otherwise Block
Warning: This feature is for advanced administrators only! Incorrect configuration will
cause serious problems.