Virtual Private Networking Using IPSec and L2TP Connections
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
Considerations for Dual WAN Port Systems
If two WAN ports are configured for either IPv4 or IPv6, you can enable either auto-rollover
mode for increased system reliability or load balancing mode for optimum bandwidth
efficiency. The selection of the WAN mode determines how you need to configure the VPN
features.
The use of fully qualified domain names (FQDNs) in VPN policies is mandatory when the
WAN ports function in auto-rollover mode or load balancing mode, and is also required for
VPN tunnel failover. When the WAN ports function in load balancing mode, you cannot
configure VPN tunnel failover. An FQDN is optional when the WAN ports function in load
balancing mode if the IP addresses are static, but mandatory if the WAN IP addresses are
dynamic.
See Virtual Private Networks on page 421 for more information about the IP addressing
requirements for VPNs in the dual WAN modes.
For information about how to select and configure a Dynamic DNS service for resolving
FQDNs, see Configure Dynamic DNS on page 49. For information about WAN mode
configuration, see Configure the IPv4 WAN Mode on page 29.
The following diagrams and table show how the WAN mode selection relates to VPN
configuration.
Figure 123. Multiple WAN port model, WAN auto-rollover: FQDN required for VPN (same FQDN required for both WAN ports). Diagram labels: rest of VPN firewall functions, VPN firewall WAN port functions, VPN firewall rollover control, WAN 1 port, WAN 2 port, Internet.
Figure 124. Multiple WAN port model, WAN load balancing: FQDN optional for VPN (FQDN required for dynamic IP addresses, FQDN optional for static IP addresses). Diagram labels: rest of VPN firewall functions, VPN firewall WAN port functions, load balancing control, WAN 1 port, WAN 2 port, Internet.