Specifications
Network Planning for Multiple WAN Ports
419
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
Features such as multiple exposed hosts are not supported in auto-rollover mode
because the IP addresses of each WAN port need to be in the identical range of fixed
addresses.
• Dual WAN ports in load balancing mode. Load balancing for a VPN firewall with dual
W
AN ports is similar to a single WAN gateway configuration when you specify the IP
address. Each IP address is either fixed or dynamic based on the ISP: You need to use
FQDNs when the IP address is dynamic, but FQDNs are optional when the IP address is
static.
Figure 264.
Inbound Traffic
• Inbound Traffic to a Single WAN Port System
• Inbound Traffic to a Dual WAN Port System
Incoming traffic from the Internet is normally discarded by the VPN firewall unless the traffic is
a response to one of your local computers or a service for which you have configured an
inbound rule. Instead of discarding this traf
fic, you can configure the VPN firewall to forward it
to one or more LAN hosts on your network.
The addressing of the VPN firewall’
s dual WAN port depends on the configuration being
implemented.
Inbound Traffic to a Single WAN Port System
The Internet IP address of the VPN firewall’s WAN port needs to be known to the public so
that the public can send incoming traffic to the exposed host when this feature is supported
and enabled.
In the single WAN case, the WAN’s Internet address is either a fixed IP address or an FQDN
if the IP address is dynamic.
Table 104. IP addressing requirements for exposed hosts in a dual WAN port configuration
Configuration and
WAN IP Address
Single WAN Port
(Reference Case)
Dual WAN Port Cases
Rollover Load Balancing
Inbound traffic
• Port forwarding
• Port triggering
Fixed Allowed
(FQDN optional)
FQDN required
Allowed
(FQDN optional)
Dynamic
FQDN required FQDN required FQDN required