Page 61 / 238 Scroll up to view Page 56 - 60
Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports
Connecting the FVS124G to the Internet
4-17
202-10085-01, March 2005
Test Period—DNS query is sent periodically after every test period. The minimum test
period is 30 seconds.
Maximum Failures—The WAN interface is considered down after the configured number
of DNS queries have failed to elicit a DNS reply from the configured DNS server. The
minimum number of failed DNS queries is four. The rollover link is brought up after this.
The minimum time to roll over after the primary WAN interface fails is two minutes (i.e., 30
second minimum test period times a minimum of four tests).
2.
Once a rollover occurs, an alert will be generated (see
“Getting E-Mail Notifications of Event
Logs and Alerts” on page 6-30
). You should then get the failed WAN interface restored and
then force traffic back on the original primary WAN interface by reapplying the WAN Mode
menu shown in
Figure 4-6
.
Load Balancing (and Protocol Binding) Setup
Perform the following steps to configure the dual WAN ports for load balancing and protocol
binding on outbound traffic:
1.
Select Load Balancing on the screen shown in
Figure 4-6
to invoke the WAN Mode Load
Balancing screen shown in
Figure 4-7
.
Page 62 / 238
Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports
4-18
Connecting the FVS124G to the Internet
202-10085-01, March 2005
Figure 4-7:
WAN Mode screen for load balancing and protocol binding
Fill out the screen using the following parameter definitions:
Detection of WAN failure—WAN failure is detected using DNS queries to the DNS
server. For each WAN interface, DNS queries are sent to the configured DNS server. If the
DNS replies are not received, the corresponding WAN interface is considered down.
ISP DNS Server—In this case, DNS queries are sent to the DNS server configured on
the WAN ISP pages (see
“Step 3: Configure the Internet Connections to Your ISPs
(Required)” on page 4-8
).
Public DNS Server—The user is also given an option to enter any Public DNS server.
DNS queries are sent to this server through the WAN interface being monitored.
Page 63 / 238
Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports
Connecting the FVS124G to the Internet
4-19
202-10085-01, March 2005
Test Period—DNS query is sent periodically after every test period. The minimum test
period is 30 seconds.
Maximum Failures—The WAN interface is considered down after the configured number
of DNS queries have failed to elicit a DNS reply from the configured DNS server. The
minimum number of failed DNS queries is four.
The minimum time for a WAN interface to be classified as having failed is two minutes (i.e.,
30 second minimum test period times a minimum of four tests). All traffic then stops on that
WAN port. Traffic that is not bound by protocol to the failed WAN port is then sent to the
working WAN port. If the total traffic on the working WAN port exceeds its bandwidth, then
congestion occurs.
Once a WAN interface fails, an alert will be generated (see
“Getting E-Mail Notifications of
Event Logs and Alerts” on page 6-30
). You must then get the failed WAN interface restored
before it can carry traffic again by reapplying the WAN Mode menu shown in
Figure 4-10
.
2.
Click
Add
in the appropriate WAN interface section of the WAN Mode Load Balancing screen
to invoke the WAN Mode Protocol Bonding screen (if protocol binding is needed). Fill out the
screen using the following parameter definitions:
Service—Select the desired Services or applications to be covered by this rule. If the
desired service or application does not appear in the list, you must define it using the
Services menu (see
“Services-Based Rules” on page 6-4
).
Source Network—These settings determine which computers on your network are
affected by this rule. Select the desired options:
Any—All PCs and devices on your LAN.
Single address—Enter the required address and the rule will be applied to that
particular PC.
Address range —If this option is selected, you must enter the start and finish fields.
Groups—Select the Group you wish this rule to apply to. You can use the Network
Database screen to assign PCs to Groups.
Destination Network—These settings determine which Internet locations are covered by
the rule, based on their IP address. Select the desired option:
Any—All Internet IP address are covered by this rule.
Single address—Enter the required address in the start fields.
Address range—If this option is selected, you must enter the start and finish fields.
Page 64 / 238
Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports
4-20
Connecting the FVS124G to the Internet
202-10085-01, March 2005
Step 5: Configure Dynamic DNS (If Needed)
If your network has a permanently assigned IP address, you can register a domain name and have
that name linked with your IP address by public Domain Name Servers (DNS). However, if your
Internet account uses a dynamically assigned IP address, you will not know in advance what your
IP address will be, and the address can change frequently. In this case, you can use a commercial
dynamic DNS service, which allows you to register an extension to its domain, and restores DNS
requests for the resulting FQDN to your frequently-changing IP address.
which will allow you to register your domain to their IP address, and will forward traffic directed
to your domain to your frequently-changing IP address.
For rollover mode, you are going to need a fully qualified domain name to implement features
such as exposed hosts and virtual private networks regardless of whether you have a fixed or
dynamic IP address.
For load balancing mode, you may still need a fully qualified domain name either for
convenience or if you have a dynamic IP address.
The firewall contains a client that can connect to a dynamic DNS service provider. To use this
feature, you must select a service provider and obtain an account with them. After you have
configured your account information in the firewall, whenever your ISP-assigned IP address
changes, your firewall will automatically contact your dynamic DNS service provider, log in to
your account, and register your new IP address.
Perform the following steps to configure Dynamic DNS:
1.
If you haven’t already, log in to the firewall at its default LAN address of
with its default user name of
admin
, default password of
password
, or using whatever
password and LAN address you have chosen for the firewall.
2.
From the Main Menu of the browser interface, under WAN Setup, click on Dynamic DNS.
a.
Rollover Mode
: You will get the screen shown in
Figure 4-8
with
AUTO_ROLLOVER
shown in the pulldown.
b.
Load Balancing Mode
: Select
WAN1
or
WAN2
in the pulldown shown in
Figure 4-8
to
invoke the appropriate WAN interface to program.
Page 65 / 238
Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports
Connecting the FVS124G to the Internet
4-21
202-10085-01, March 2005
Figure 4-8:
Dynamic DNS screens
Dynamic DNS screen for rollover mode
Dynamic DNS screens for load balancing mode

Rate

4 / 5 based on 1 vote.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top