1. Home
    2. /
  2. Manuals
    3. /
  3. NETGEAR
    4. /
  4. FVS336Gv3
    5. /
  5. 38
Page 186 / 203 Scroll up to view Page 181 - 185
186
|
Appendix B:
Network Planning for Dual WAN Ports
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336Gv2 Reference Manual
and port WAN_A2 is inactive at Gateway A; port WAN_B1 is active and port WAN_B2 is
inactive at Gateway B.
Figure B-14
Gateway-to-Gateway, Dual WAN Ports
The IP addresses of the gateway WAN ports can be either fixed or dynamic, but a
fully-qualified domain name must always be used because the active WAN ports could be
either WAN_A1, WAN_A2, WAN_B1, or WAN_B2 (i.e., the IP address of the active WAN port
is not known in advance).
After a rollover of a gateway WAN port, the previously inactive gateway WAN port becomes
the active port (port WAN_A2 in this example) and one of the gateway VPN firewalls must
re-establish the VPN tunnel.
Figure B-15
Gateway to Gateway, Dual WAN Ports after Rollover
The purpose of the fully-qualified domain names is this case is to toggle the domain name of
the failed-over gateway firewall between the IP addresses of the active WAN port (i.e.,
WAN_A1 and WAN _A2 in this example) so that the other end of the tunnel has a known
gateway IP address to establish or re-establish a VPN tunnel.
VPN Gateway-to-Gateway: Dual Gateway WAN Ports for Load Balancing
In the case of the dual WAN ports on the gateway VPN firewall, either of the gateway WAN
ports at one end can be programmed in advance to initiate the VPN tunnel with the
Page 187 / 203
Appendix B:
Network Planning for Dual WAN Ports
|
187
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336Gv2 Reference Manual
appropriate gateway WAN port at the other end as necessary to manage the loads of the
gateway WAN ports because the IP addresses of the WAN ports are known in advance.
Figure B-16
Gateway-to-Gateway, Dual WAN Ports, Load Balancing
The IP addresses of the gateway WAN ports can be either fixed or dynamic. If an IP address
is dynamic, a fully-qualified domain name must be used. If an IP address is fixed, a
fully-qualified domain name is optional.
VPN Telecommuter (Client-to-Gateway Through a NAT Router)
Note:
The telecommuter case presumes the home office has a dynamic IP
address and NAT router.
The following situations exemplify the requirements for a remote PC client connected to the
Internet with a dynamic IP address through a NAT router to establish a VPN tunnel with a
gateway VPN firewall at the company office:
Single gateway WAN port
Redundant dual gateway WAN ports for increased reliability (before and after rollover)
Dual gateway WAN ports used for load balancing
Page 188 / 203
188
|
Appendix B:
Network Planning for Dual WAN Ports
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336Gv2 Reference Manual
VPN Telecommuter: Single Gateway WAN Port (Reference Case)
In the case of the single WAN port on the gateway VPN firewall, the remote PC client at the
NAT router initiates the VPN tunnel because the IP address of the remote NAT router is not
known in advance. The gateway WAN port must act as the responder.
Figure B-17
Telecommuter, Single Gateway WAN Port
The IP address of the gateway WAN port can be either fixed or dynamic. If the IP address is
dynamic, a fully-qualified domain name must be used. If the IP address is fixed, a
fully-qualified domain name is optional.
VPN Telecommuter: Dual Gateway WAN Ports for Improved Reliability
In the case of the dual WAN ports on the gateway VPN firewall, the remote PC client initiates
the VPN tunnel with the active gateway WAN port (port WAN1 in this example) because the
IP address of the remote NAT router is not known in advance. The gateway WAN port must
act as the responder.
Figure B-18
Telecommuter, Dual WAN Ports, Before Rollover
The IP addresses of the gateway WAN ports can be either fixed or dynamic, but a
fully-qualified domain name must always be used because the active WAN port could be
either WAN1 or WAN2 (i.e., the IP address of the active WAN port is not known in advance).
Page 189 / 203
Appendix B:
Network Planning for Dual WAN Ports
|
189
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336Gv2 Reference Manual
After a rollover of the gateway WAN port, the previously inactive gateway WAN port becomes
the active port (port WAN2 in this example) and the remote PC must re-establish the VPN
tunnel. The gateway WAN port must act as the responder.
Figure B-19
Telecommuter Example
The purpose of the fully-qualified domain name is this case is to toggle the domain name of
the gateway router between the IP addresses of the active WAN port (i.e., WAN1 and WAN2)
so that the remote PC client can determine the gateway IP address to establish or
re-establish a VPN tunnel.
VPN Telecommuter: Dual Gateway WAN Ports for Load Balancing
In the case of the dual WAN ports on the gateway VPN firewall, the remote PC client initiates
the VPN tunnel with the appropriate gateway WAN port (that is, port WAN1 or WAN2 as
necessary to balance the loads of the two gateway WAN ports) because the IP address of
the remote NAT router is not known in advance. The chosen gateway WAN port must act as
the responder.
Figure B-20
Telecommuter, Dual WAN Ports, Load Balancing
The IP addresses of the gateway WAN ports can be either fixed or dynamic. If an IP address
is dynamic, a fully-qualified domain name must be used. If an IP address is fixed, a
fully-qualified domain name is optional.
Page 190 / 203
Appendix C:
Two Factor Authentication
|
190
Two Factor Authentication
C
This appendix provides an overview of Two-Factor Authentication, and an example of how to
implement the WiKID solution.
This appendix contains the following sections:
Why do I need Two-Factor Authentication?
” on this page.
“NETGEAR Two-Factor Authentication Solutions”
on page 191
Why do I need Two-Factor Authentication?
In today’s market, online identity theft and online fraud continue to be one of the fast-growing
cyber crime activities used by many unethical hackers and cyber criminals to steal digital
assets for financial gains. Many companies and corporations are losing millions of dollars and
running into risks of revealing their trade secrets and other proprietary information as the
results of these cyber crime activities. Security threats and hackers have become more
sophisticated, and user names, encrypted passwords, and the presence of firewalls are no
longer enough to protect the networks from being compromised. IT professionals and
security experts have recognized the need to go beyond the traditional authentication
process by introducing and requiring additional factors to the authentication process.
NETGEAR has also recognized the need to provide more than just a firewall to protect the
networks. As part the new maintenance firmware release, NETGEAR has implemented a
more robust authentication system known as Two-Factor Authentication (2FA or
T-FA) on its SSL and IPSec network storage product line to help address the fast-growing
network security issues.
What are the benefits of Two-Factor Authentication?
Stronger security
. Passwords cannot efficiently protect the corporate networks because
attackers can easily guess simple passwords or users cannot remember complex and
unique passwords. One-time passcode (OTP) strengthens and replaces the need to
remember complex password.

Rate

4 / 5 based on 1 vote.

Popular NETGEAR Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top