Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports
Network Planning
3-1
202-10085-01, March 2005
Chapter 3
Network Planning
This chapter describes the factors to consider when planning a network using a firewall that has
dual WAN ports.
Overview of the Planning Process
The areas that require planning when using a firewall that has dual WAN ports include:
•
Inbound traffic (e.g., port forwarding, port triggering)
•
Virtual private networks (VPNs)
The two WAN ports can be configured on a mutually-exclusive basis to either:
•
roll over for increased reliability, or
•
balance the load for outgoing traffic.
These two categories of considerations interact to make the planning process more challenging.
Inbound Traffic
Unrequested incoming traffic can be directed to a PC on your LAN rather than being discarded.
The mechanism for making the IP address public depends on whether the dual WAN ports are
configured to either roll over or balance the loads. See
“Inbound Traffic” on page 3-3
for further
discussion.
Virtual Private Networks (VPNs)
A virtual private network (VPN) tunnel provides a secure communication channel between either
two gateway VPN firewalls or between a remote PC client and gateway VPN firewall. As a result,
the IP address of at least one of the tunnel end points must be known in advance in order for the
other tunnel end point to establish (or re-establish) the VPN tunnel. See
“Virtual Private Networks
(VPNs)” on page 3-5
for further discussion.