Manualshelf

Quick Reference Guide

ManualsBrandsNetgear ManualsPC ComponentsNetgear FVS336Gv1
221222223224225226227228229230
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual
Network Planning for Dual WAN Ports B-13
v1.0, January 2010
The purpose of the fully-qualified domain name in this case is to toggle the domain name of the
gateway firewall between the IP addresses of the active WAN port (i.e., WAN1 and WAN2) so that
the remote PC client can determine the gateway IP address to establish or re-establish a VPN
tunnel.
VPN Road Warrior: Dual Gateway WAN Ports for Load Balancing
In the case of the dual WAN ports on the gateway VPN firewall, the remote PC initiates the VPN
tunnel with the appropriate gateway WAN port (that is, port WAN1 or WAN2 as necessary to
balance the loads of the two gateway WAN ports) because the IP address of the remote PC is not
known in advance. The chosen gateway WAN port must act as the responder.
The IP addresses of the gateway WAN ports can be either fixed or dynamic. If an IP address is
dynamic, a fully-qualified domain name must be used. If an IP address is fixed, a fully-qualified
domain name is optional.
VPN Gateway-to-Gateway
The following situations exemplify the requirements for a gateway VPN firewall to establish a
VPN tunnel with another gateway VPN firewall:
Single gateway WAN ports
Redundant dual gateway WAN ports for increased reliability (before and after rollover)
Dual gateway WAN ports used for load balancing
VPN Gateway-to-Gateway: Single Gateway WAN Ports (Reference Case)
In the case of single WAN ports on the gateway VPN firewalls, either gateway WAN port can
initiate the VPN tunnel with the other gateway WAN port because the IP addresses are known in
advance.
Figure B-12