ProSafe VPN Firewall 200 FVX538 Reference Manual

2-10

Connecting the FVX538 to the Internet

v1.0, March 2009

When the router is configured in Auto-Rollover Mode, the router uses the

WAN Failure

Detection Method

to check the connection of the primary link at regular intervals to detect router

status. Link failure is detected in one of the following ways:

•

By using DNS queries to a DNS server, or

•

By a Ping to an IP address.

For each WAN interface, DNS queries or Ping requests are sent to the specified IP address. If

replies are not received, the corresponding WAN interface is considered down.

To configure the dual WAN ports for Auto-Rollover

1.

Select

Network Configuration

from the primary menu and

WAN Mode

from the secondary

menu. The WAN Mode screen will display.

2.

In the

Port Mode

section, check the

Auto-Rollover Using WAN port

radio box.

3.

Selection the WAN port that will act as the primary link for this mode from the pull-down

menu.

4.

From the

WAN Failure detection Method

section, select the detection failure method radio

box from one of the following choices:

•

DNS lookup using configured DNS Servers (ISP DNS Servers)

– In this case, DNS

queries are sent to the DNS server configured on the WAN ISP pages (see

“Configuring

the Internet Connections to Your ISPs” on page 2-2

).

•

DNS lookup using this DNS Server

(for example, a public DNS Server) – Enter any

public DNS server. DNS queries are sent to this server through the WAN interface being

monitored.

•

Ping to this IP address

– Enter a public IP address that will not reject the Ping request or

will not consider the traffic abuse. Queries are sent to this server through the WAN

interface being monitored.

5.

Enter a

Test Period

in seconds. DNS query is sent periodically after every test period. The

default test period is 30 seconds.

ProSafe VPN Firewall 200 FVX538 Reference Manual

Connecting the FVX538 to the Internet

2-11

v1.0, March 2009

6.

Enter the

Maximum Failover

amount. The WAN interface is considered down after the

configured number of queries have failed to elicit a reply. The rollover link is brought up after

this. The Failover default is 4 failures.

The default time to roll over after the primary WAN interface fails is 2 minutes (a 30-second

minimum test period, times a minimum of 4 tests).

7.

Click

Apply

to save your settings.

8.

Click

Reset

to revert to the previous settings.

Once a rollover occurs, an alert will be generated (see

“E-Mail Notifications of Event Logs and

Alerts” on page 4-39

). When notified that the failed WAN interface has been restored, you can

force traffic back on the original primary WAN interface by reapplying the Auto-Rollover settings

in the WAN Port Mode menu.

Figure 2-4

ProSafe VPN Firewall 200 FVX538 Reference Manual

2-12

Connecting the FVX538 to the Internet

v1.0, March 2009

Setting Up Load Balancing

To use multiple ISP links simultaneously, select Load Balancing. In Load Balancing mode, both

links will carry data for the protocols that are bound to them. For example, if the HTTP protocol is

bound to WAN1 and the FTP protocol is bound to WAN2, then the router will automatically

channel FTP data from and to the computers on the LAN through the WAN2 port. All HTTP

traffic will be routed through the WAN1 port.

Load Balancing can be used to segregate traffic between links that are not of the same speed. High

volume traffic can be routed through the port connected to a high speed link and low volume

traffic can be routed through the port connected to the low speed link.

To configure the dual WAN ports for load balancing with protocol binding:

1.

Check the Load Balancing radio button on the WAN Mode screen shown in

Figure 2-4

above,

and click

view protocol bindings

(if protocol binding is needed)

.

The

WAN1 Protocol

Bindings

screen will display.

2.

Enter the following data in the

Add Protocol Binding

section:

Note:

NETGEAR recommends that all specific traffic (for example, HTTP) be

configured for the WAN2 port. The only way to make certain traffic goes out one

port and all other traffic goes out the other port is to use WAN2 for specified

traffic.

Figure 2-5

ProSafe VPN Firewall 200 FVX538 Reference Manual

Connecting the FVX538 to the Internet

2-13

v1.0, March 2009

a.

Service

– From the pull-down menu, select the desired Services or applications to be

covered by this rule. If the desired service or application does not appear in the list, you

must define it using the Services menu (see

“Services-Based Rules” on page 4-2

).

b.

Destination Network

– These settings determine which Internet locations are covered by

the rule, based on their IP address. Select the desired option:

•

Any

– All Internet IP address are covered by this rule.

•

Single address

– Enter the required address in the start fields.

•

Address range

– If this option is selected, you must enter the start and finish fields.

c.

Source Network

– These settings determine which computers on your network are

affected by this rule. Select the desired options:

•

Any

– All PCs and devices on your LAN.

•

Single address

– Enter the required address and the rule will be applied to that

particular PC.

•

Address range

– If this option is selected, you must enter the start and finish fields.

•

Group 1-Group 8

– If this option is selected, the devices assigned to this group will

be affected. (You may also assign a customized name to the group. See

Edit Group

Names

on the

Groups and Hosts

menu in the

LAN Groups

sub-menu.)

3.

Click

Add

in the Add column adjacent to the rule

.

The new Protocol Binding Rule will be

enabled and added to the Protocol Binding Table for the WAN1 port.

Select the

WAN2 Protocol Bindings

tab, and repeat steps 1 through 9, to set protocol bindings

for the WAN2 port.

To Edit or Add additional Protocol Binding settings:

1.

Select

Network Configuration

from the main menu and

Protocol Binding

from the

submenu. The

WAN1 Protocol Bindings

screen will display.

You can add or edit protocol bindings to either the WAN1 port or click the

WAN2 Protocol

Bindings

tab to access the

WAN2 Protocol Bindings

screen. To add a new protocol binding,

following the preceding procedure.

2.

Check the radio button adjacent to the protocol binding rule you want to modify. Click

Edit

in

the Action column adjacent to the rule. The

Edit Protocol Binding

screen will display.

ProSafe VPN Firewall 200 FVX538 Reference Manual

2-14

Connecting the FVX538 to the Internet

v1.0, March 2009

3.

Modify the parameters for the protocol binding service you selected.

4.

Click

Apply.

The modified rule will be enabled and appear in the Protocol Binding table.

5.

Click

Reset

to return to the previously configured settings.

Configuring Dynamic DNS (If Needed)

Dynamic DNS (DDNS) is an Internet service that allows routers with varying public IP addresses

to be located using Internet domain names. To use DDNS, you must setup an account with a

DDNS provider such as DynDNS.org, TZO.com, or Oray.net. (Links to DynDNS, TZO, and Oray

are provided for your convenience on the

Dynamic DNS Configuration

screen.) The VPN

firewall firmware includes software that notifies dynamic DNS servers of changes in the WAN IP

address, so that the services running on this network can be accessed by others on the Internet.

If your network has a permanently assigned IP address, you can register a domain name and have

that name linked with your IP address by public Domain Name Servers (DNS). However, if your

Internet account uses a dynamically assigned IP address, you will not know in advance what your

Figure 2-6