IPv4 and IPv6 Internet and WAN Settings
46
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
2. In the Load Balancing Settings section of the screen, configure the following settings:
   a. Select the Primary WAN Mode radio button.
   b. From the corresponding drop-down list on the right, select a WAN interface to function as the primary WAN interface. The other WAN interfaces become disabled.
   c. Select the Auto Rollover check box.
   d. From the corresponding drop-down list on the right, select a WAN interface to function as the backup WAN interface.
   Note: Ensure that the backup WAN interface is configured before enabling auto-rollover mode.
3. Click Apply to save your settings.
Configure the Failure Detection Method for IPv4 Interfaces
To configure the failure detection method:
1. Select Network Configuration > WAN Settings > WAN Setup. In the upper right of the screen, the IPv4 radio button is selected by default. The WAN Setup screen displays the IPv4 settings (see Figure 11 on page 31).
2. Click the Edit table button in the Action column of the WAN interface that you selected as the primary WAN interface. The WAN IPv4 ISP Settings screen displays (see Figure 12 on page 32, which shows the WAN2 IPv4 ISP Settings screen as an example).
3. Click the Advanced option arrow in the upper right of the screen. The WAN Advanced Options screen displays for the WAN interface that you selected. (For an image of the entire screen, see Figure 46 on page 73).
4. Locate the Failure Detection Method section on the screen. Enter the settings as described in the following table.
Figure 24.
Note: The default time to roll over after the primary WAN interface has failed is 2 minutes. The minimum test period is 30 seconds, and the minimum number of tests is 2.
5. Click Apply to save your settings.
You can configure the VPN firewall to generate a WAN status log and email this log to a specified address (see Configure Logging, Alerts, and Event Notifications on page 362).
Configure Secondary WAN Addresses
You can set up a single WAN Ethernet port to be accessed through multiple IPv4 addresses
by adding aliases to the port. An alias is a secondary WAN address. One advantage is, for
example, that you can assign different virtual IP addresses to a web server and an FTP
server, even though both servers use the same physical IP address. You can add several
secondary IP addresses to a single WAN port.
Table 7. Failure detection method settings
Setting: Failure Detection Method
Description: Select a failure detection method from the drop-down list:
   - WAN DNS. DNS queries are sent to the DNS server that is configured in the Domain Name Server (DNS) Servers section of the WAN ISP screen (see Manually Configure an IPv4 Internet Connection on page 34).
   - Custom DNS. DNS queries are sent to a DNS server that you need to specify in the DNS Server fields.
   - Ping. Pings are sent to a public IP address that you need to specify in the IP Address field.
   Note: DNS queries or pings are sent through the WAN interface that is being monitored. The retry interval and number of failover attempts determine how quickly the VPN firewall switches from the primary link to the backup link if the primary link fails, or when the primary link comes back up, switches back from the backup link to the primary link.
Setting: DNS Server
Description: The IP address of the DNS server.
Setting: IP Address
Description: The IP address of the interface that should receive the ping request. The interface should not reject the ping request and should not consider ping traffic to be abusive.
Setting: Retry Interval is
Description: The retry interval in seconds. The DNS query or ping is sent after every retry interval. The default retry interval is 30 seconds.
Setting: Failover after
Description: The number of failover attempts. The primary WAN interface is considered down after the specified number of queries have failed to elicit a reply. The backup interface is brought up after this situation has occurred. The failover default is 4 failures.
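
How the Retry Interval and Failover after settings in Table 7 combine into a rollover time, as an added example (not code from the manual or from the firewall firmware). The function name and probe trace are hypothetical, and the model assumes that failures must be consecutive, that switching back needs the same number of consecutive replies, and that the first probe is sent one retry interval after start.

```python
# Added example: model of the failure-detection counters described in Table 7.
# Assumptions (not stated by the manual): failures must be consecutive, and
# failback needs the same number of consecutive replies as failover.

MIN_RETRY_INTERVAL_S = 30   # manual: minimum test period is 30 seconds
MIN_FAILOVER_AFTER = 2      # manual: minimum number of tests is 2


def simulate(probe_results, retry_interval_s=30, failover_after=4):
    """Replay probe outcomes (True = reply received) and return link events.

    Returns a list of (seconds_since_start, "FAILOVER" | "FAILBACK") tuples.
    Defaults are the manual's defaults: 30-second interval, 4 failures.
    """
    if retry_interval_s < MIN_RETRY_INTERVAL_S:
        raise ValueError("retry interval below the 30-second minimum")
    if failover_after < MIN_FAILOVER_AFTER:
        raise ValueError("failover count below the minimum of 2")

    events = []
    on_backup = False
    streak = 0  # consecutive probes that contradict the current link state
    for n, replied in enumerate(probe_results, start=1):
        contradicts = replied if on_backup else not replied
        streak = streak + 1 if contradicts else 0
        if streak == failover_after:
            on_backup = not on_backup
            events.append((n * retry_interval_s,
                           "FAILOVER" if on_backup else "FAILBACK"))
            streak = 0
    return events


# Constructed probe trace: two isolated losses, a sustained outage, recovery.
TRACE = [True, False, True, False, False, False,
         False, False, True, True, True, True]

if __name__ == "__main__":
    for seconds, event in simulate(TRACE):
        print(f"t={seconds:>4}s  {event}")
```

With the defaults, four failed probes in a row give the 2-minute rollover time stated in the note above, while isolated losses never trigger a switch.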
After you have configured secondary WAN addresses, these addresses are displayed on the
following firewall rule screens:
- In the WAN Destination IP Address drop-down lists of the following inbound firewall rule screens:
   - Add LAN WAN Inbound Service screen
   - Add DMZ WAN Inbound Service screen
- In the NAT IP drop-down lists of the following outbound firewall rule screens:
   - Add LAN WAN Outbound Service screen
   - Add DMZ WAN Outbound Service screen
For more information about firewall rules, see Overview of Rules to Block or Allow Specific Kinds of Traffic on page 136.
Note: It is important that you ensure that any secondary WAN addresses are different from the primary WAN, LAN, and DMZ IP addresses that are already configured on the VPN firewall. However, primary and secondary WAN addresses can be in the same subnet.
The following is an example of correctly configured IP addresses:
Primary WAN1 IP address: 10.0.0.1 with subnet 255.0.0.0
Secondary WAN1 IP: 30.0.0.1 with subnet 255.0.0.0
Primary WAN2 IP address: 20.0.0.1 with subnet 255.0.0.0
Secondary WAN2 IP: 40.0.0.1 with subnet 255.0.0.0
DMZ IP address: 192.168.10.1 with subnet 255.255.255.0
Primary LAN IP address: 192.168.1.1 with subnet 255.255.255.0
Secondary LAN IP: 192.168.20.1 with subnet 255.255.255.0
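
A pre-change check of an address plan against the note above, as an added example (not code from the manual). It uses the manual's example addresses as input; the function name and the "Primary WAN" / "Secondary WAN" role labels used as dictionary keys are assumptions made for the example.

```python
import ipaddress
from itertools import combinations

# Address plan copied from the manual's example of a correct configuration.
PLAN = {
    "Primary WAN1":   "10.0.0.1/255.0.0.0",
    "Secondary WAN1": "30.0.0.1/255.0.0.0",
    "Primary WAN2":   "20.0.0.1/255.0.0.0",
    "Secondary WAN2": "40.0.0.1/255.0.0.0",
    "DMZ":            "192.168.10.1/255.255.255.0",
    "Primary LAN":    "192.168.1.1/255.255.255.0",
    "Secondary LAN":  "192.168.20.1/255.255.255.0",
}


def check_plan(plan):
    """Check a {role: "address/mask"} plan against the note above.

    Returns (errors, notes):
      errors - a secondary WAN address that equals another configured address
      notes  - a secondary WAN address in the same subnet as a primary WAN
               address, which the manual explicitly allows
    """
    ifaces = {role: ipaddress.ip_interface(value) for role, value in plan.items()}
    errors, notes = [], []
    for (role_a, a), (role_b, b) in combinations(ifaces.items(), 2):
        roles = (role_a, role_b)
        if not any(r.startswith("Secondary WAN") for r in roles):
            continue  # the rule only concerns secondary WAN addresses
        if a.ip == b.ip:
            errors.append(f"{role_a} and {role_b} both use {a.ip}")
        elif (any(r.startswith("Primary WAN") for r in roles)
              and a.network == b.network):
            notes.append(f"{role_a} and {role_b} share subnet {a.network}")
    return errors, notes


if __name__ == "__main__":
    errors, notes = check_plan(PLAN)
    print("errors:", errors or "none")
    print("notes:", notes or "none")
```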
To add a secondary WAN address to a WAN port:
1. Select Network Configuration > WAN Settings > WAN Setup. In the upper right of the screen, the IPv4 radio button is selected by default. The WAN Setup screen displays the IPv4 settings (see Figure 11 on page 31).
2. Click the Edit table button in the Action column of the WAN interface for which you want to add a secondary WAN address. The WAN IPv4 ISP Settings screen displays (see Figure 12 on page 32, which shows the WAN2 IPv4 ISP Settings screen as an example).
3. Click the Secondary Addresses option arrow in the upper right of the screen. The WAN Secondary Addresses screen displays for the WAN interface that you selected. (The following figure shows the WAN1 Secondary Addresses screen as an example and includes one entry in the List of Secondary WAN addresses table.)
Figure 25.
The List of Secondary WAN addresses table displays the secondary LAN IP addresses
added for the selected WAN interface.
4. In the Add WAN Secondary Addresses section of the screen, enter the following settings:
   - IP Address. Enter the secondary address that you want to assign to the WAN port.
   - Subnet Mask. Enter the subnet mask for the secondary IP address.
5. Click the Add table button in the rightmost column to add the secondary IP address to the List of Secondary WAN addresses table.
6. (Optional) Repeat Step 4 and Step 5 for each secondary IP address that you want to add to the List of Secondary WAN addresses table.
To delete one or more secondary addresses:
1. In the List of Secondary WAN addresses table, select the check box to the left of the address that you want to delete, or click the Select All table button to select all addresses.
2. Click the Delete table button.
Configure Dynamic DNS
Dynamic DNS (DDNS) is an Internet service that allows devices with varying public IPv4
addresses to be located using Internet domain names. To use DDNS, you need to set up an
account with a DDNS provider such as DynDNS.org, TZO.com, Oray.net, or 3322.org. (Links
to DynDNS, TZO, Oray, and 3322 are provided for your convenience as option arrows on the
DDNS configuration screens.) The VPN firewall firmware includes software that notifies
DDNS servers of changes in the WAN IP address so that the services running on this
network can be accessed by others on the Internet.
If your network has a permanently assigned IP address, you can register a domain name and
have that name linked with your IP address by public Domain Name Servers (DNS).
However, if your Internet account uses a dynamically assigned IP address, you do not know
in advance what your IP address will be, and the address can change frequently—hence, the
need for a commercial DDNS service, which allows you to register an extension to its
domain, and resolves DNS requests for the resulting fully qualified domain name (FQDN) to
your frequently changing IP address.
After you have configured your account information on the VPN firewall, when your
ISP-assigned IP address changes, your VPN firewall automatically contacts your DDNS
service provider, logs in to your account, and registers your new IP address. Consider the
following:
- For auto-rollover mode, you need a fully qualified domain name (FQDN) to implement features such as exposed hosts and virtual private networks regardless of whether you have a fixed or dynamic IP address.
- For load balancing mode, you might still need a fully qualified domain name (FQDN) either for convenience or if you have a dynamic IP address.
Note: If your ISP assigns a private WAN IP address such as 192.168.x.x or 10.x.x.x, the DDNS service does not work because private addresses are not routed on the Internet.
To configure DDNS:
1. Select Network Configuration > Dynamic DNS. The Dynamic DNS screen displays (see the following figure).
   The WAN Mode section on the screen reports the configured WAN mode (for example, Single Port WAN1, Load Balancing, or Auto Rollover). Only those options that match the configured WAN mode are accessible on the screen.
2. Click the submenu tab for your DDNS service provider:
   - Dynamic DNS for DynDNS.org (which is shown in the following figure)
   - DNS TZO for TZO.com
   - DNS Oray for Oray.net
   - 3322 DDNS for 3322.org
