Appendix B:
Network Planning for Dual WAN Ports
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336Gv2 Reference Manual
- For Windows 2000/XP, open the Local Area Network Connection, select the TCP/IP
  entry for the Ethernet adapter, and click Properties. Record all the settings for each
  screen.
- For Macintosh computers, open the TCP/IP or Network control panel. Record all the
  settings for each section.
Once you locate your Internet configuration parameters, you may want to print this Internet
Connection Information form and record them.
Internet Connection Information Form
Print this page and fill in the configuration parameters from your ISP.
ISP Login Name: The login name and password are case-sensitive and must be entered
exactly as given by your ISP. For AOL customers, the login name is the primary screen name.
Some ISPs use your full e-mail address as the login name. The Service Name is not required
by all ISPs. If you connect using a login name and password, then fill in the following:
Login Name: ___________________________ Password: __________________________
Service Name: _____________________________
Fixed or Static IP Address: If you have a static IP address, record the following information.
For example, 169.254.141.148 could be a valid IP address.
Fixed or Static Internet IP Address: ______.______.______.______
Gateway IP Address: ______.______.______.______
Subnet Mask: ______.______.______.______
ISP DNS Server Addresses: If you were given DNS server addresses, fill in the following:
Primary DNS Server IP Address: ______.______.______.______
Secondary DNS Server IP Address: ______.______.______.______
Host and Domain Names: Some ISPs use a specific host or domain name like CCA7324-A or
home. If you have not been given host or domain names, you can use the following
examples as a guide:
- If your main e-mail account with your ISP is , then use aaa as your host name. Your ISP
  might call this your account, user, host, computer, or system name.
- If your ISP’s mail server is mail.xxx.yyy.com, then use xxx.yyy.com as the domain name.
ISP Host Name: _______________________ ISP Domain Name: _____________________
Fully Qualified Domain Name: Some organizations use a fully qualified domain name
(FQDN) from a dynamic DNS service provider for their IP addresses.
Dynamic DNS Service Provider: ____________________ FQDN: _____________________
Overview of the Planning Process
The areas that require planning when using a firewall that has dual WAN ports include:
- Inbound traffic (port forwarding, port triggering)
- Outbound traffic (protocol binding)
- Virtual private networks (VPNs)
The two WAN ports can be configured on a mutually-exclusive basis to either:
- Rollover for increased reliability, or
- Balance the load for outgoing traffic.
These two categories of considerations interact to make the planning process more
challenging.
Inbound Traffic
Unrequested incoming traffic can be directed to a PC on your LAN rather than being
discarded. The mechanism for making the IP address public depends on whether the dual
WAN ports are configured to either roll over or balance the loads.
Virtual Private Networks (VPNs)
A virtual private network (VPN) tunnel provides a secure communication channel between
either two gateway VPN firewalls or between a remote PC client and gateway VPN firewall.
As a result, the IP address of at least one of the tunnel end points must be known in advance
in order for the other tunnel end point to establish (or re-establish) the VPN tunnel.
Note: Once the gateway firewall WAN port rolls over, the VPN tunnel collapses and must
be re-established using the new WAN IP address.
The Roll-over Case for Firewalls With Dual WAN Ports
Rollover for the dual WAN port case is different from the single gateway WAN port case when
specifying the IP address. Only one WAN port is active at a time and when it rolls over, the IP
address of the active WAN port always changes. Hence, the use of a fully-qualified domain
name is always required, even when the IP address of each WAN port is fixed.
Figure B-2
Features such as multiple exposed hosts are not supported when using dual WAN port
rollover because the IP addresses of each WAN port must be in the identical range of fixed
addresses.
The Load Balancing Case for Firewalls with Dual WAN Ports
Load balancing for the dual WAN port case is similar to the single WAN port case when
specifying the IP address. Each IP address is either fixed or dynamic based on the ISP:
fully-qualified domain names must be used when the IP address is dynamic and are optional
when the IP address is static.
Figure B-3
Load Balancing Case for Firewalls with Dual WAN Ports
Inbound Traffic
Incoming traffic from the Internet is normally discarded by the firewall unless the traffic is a
response to one of your local computers or a service that you have configured in the Inbound
Rules menu. Instead of discarding this traffic, you can have it forwarded to one or more LAN
hosts on your network.
The addressing of the VPN firewall’s dual WAN port depends on the configuration being
implemented:
Inbound Traffic to Single WAN Port (Reference Case)
The Internet IP address of the VPN firewall’s WAN port must be known to the public so that
the public can send incoming traffic to the exposed host when this feature is supported and
enabled.
In the single WAN case, the WAN’s Internet address is either fixed IP or a fully-qualified
domain name if the IP address is dynamic.
Figure B-4
Inbound Traffic to a Single WAN Port
Inbound Traffic to Dual WAN Port Systems
The IP address range of the VPN firewall’s WAN port must be both fixed and public so that
the public can send incoming traffic to the multiple exposed hosts when this feature is
supported and enabled.
Table B-1. IP addressing requirements for exposed hosts in dual WAN port systems
Configuration | WAN IP address | Single WAN Port (reference case) | Dual WAN Port: Rollover | Dual WAN Port: Load Balancing
Inbound traffic (port forwarding, port triggering) | Fixed | Allowed (FQDN optional) | FQDN required | Allowed (FQDN optional)
Inbound traffic (port forwarding, port triggering) | Dynamic | FQDN required | FQDN required | FQDN required
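An added example, not from the NETGEAR manual: a Python pre-deployment check that validates the static fields recorded on the Internet Connection Information form and applies the FQDN rule of Table B-1. The function names, the dictionary layout, the single fqdn argument (standing for whatever name is configured), and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress

MODES = ("single", "rollover", "load_balancing")

def fqdn_requirement(mode, addressing):
    """Table B-1 rule for inbound traffic: 'required' or 'optional'."""
    if mode not in MODES or addressing not in ("fixed", "dynamic"):
        raise ValueError(f"unknown mode/addressing: {mode}/{addressing}")
    # Rollover always changes the active WAN address; a dynamic address changes too.
    return "required" if mode == "rollover" or addressing == "dynamic" else "optional"

def check_static_form(port, form):
    """Check the static-IP fields recorded on the form for one WAN port."""
    try:
        iface = ipaddress.IPv4Interface(f"{form['ip']}/{form['mask']}")
        gateway = ipaddress.IPv4Address(form["gateway"])
        for dns in form.get("dns", []):
            ipaddress.IPv4Address(dns)
    except ValueError as exc:  # malformed address or non-contiguous mask
        return [f"{port}: {exc}"]
    problems = []
    if gateway not in iface.network:
        problems.append(f"{port}: gateway {gateway} is outside {iface.network}")
    if gateway == iface.ip:
        problems.append(f"{port}: gateway equals the WAN address")
    return problems

def check_plan(mode, ports, fqdn=None):
    """Return the planning problems for a WAN mode and its recorded forms."""
    problems = []
    for port, form in ports.items():
        if form["addressing"] == "fixed":
            problems += check_static_form(port, form)
        if fqdn_requirement(mode, form["addressing"]) == "required" and not fqdn:
            problems.append(f"{port}: FQDN required ({mode}, {form['addressing']} address)")
    return problems

# Constructed sample forms (documentation address ranges, not from the manual).
WAN_PORTS = {
    "WAN1": {"addressing": "fixed", "ip": "203.0.113.10", "mask": "255.255.255.0",
             "gateway": "203.0.113.1", "dns": ["203.0.113.53"]},
    "WAN2": {"addressing": "fixed", "ip": "198.51.100.10", "mask": "255.255.255.0",
             "gateway": "198.51.100.1", "dns": ["198.51.100.53"]},
}

if __name__ == "__main__":
    for mode in ("rollover", "load_balancing"):
        print(mode, check_plan(mode, WAN_PORTS) or "ok")
```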
Inbound Traffic: Dual WAN Ports for Improved Reliability
In the dual WAN port case with rollover, the WAN’s IP address will always change at rollover.
A fully-qualified domain name must be used that toggles between the IP addresses of the
WAN ports (that is, WAN1 or WAN2).
Figure B-5
Inbound Traffic with Dual WAN Ports
Inbound Traffic: Dual WAN Ports for Load Balancing
In the dual WAN port case for load balancing, the Internet address of each WAN port is either
fixed if the IP address is fixed or a fully-qualified domain name if the IP address is dynamic.
Note: Load balancing is implemented for outgoing traffic and not for incoming traffic.
Consider making one of the WAN port Internet addresses public and keeping the other one
private in order to maintain better control of WAN port traffic.
Figure B-6
Load Balancing with Dual WAN Ports
