Network Planning for Multiple WAN Ports
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
Figure 275.
The IP addresses of the gateway WAN ports can be either fixed or dynamic, but you always
need to use an FQDN because the active WAN ports could be either WAN_A1, WAN_A2,
WAN_B1, or WAN_B2 (that is, the IP address of the active WAN ports is not known in
advance).
After a rollover of a gateway WAN port, the previously inactive gateway WAN port becomes
the active port (port WAN_A2 in the following figure), and one of the gateways needs to
reestablish the VPN tunnel.
Figure 276.
The purpose of the FQDNs is to toggle the domain name of the rolled-over gateway between
the IP addresses of the active WAN port (that is, WAN_A1 and WAN_A2 in the previous
figure) so that the other end of the tunnel has a known gateway IP address to establish or
reestablish a VPN tunnel.
VPN Gateway-to-Gateway: Dual-Gateway WAN Ports for Load Balancing
In a configuration with two dual-WAN port VPN gateways that function in load balancing
mode, either of the gateway WAN ports at one end can be programmed in advance to initiate
the VPN tunnel with the appropriate gateway WAN port at the other end as necessary to
manage the loads of the gateway WAN ports because the IP addresses of the WAN ports are
known in advance.
Figure 277.
The IP addresses of the gateway WAN ports can be either fixed or dynamic. If an IP address
is dynamic, you need to use an FQDN. If an IP address is fixed, an FQDN is optional.
VPN Telecommuter (Client-to-Gateway through a NAT Router)
Note: The telecommuter case presumes the home office has a dynamic IP
address and NAT router.
The following situations exemplify the requirements for a remote computer client connected
to the Internet with a dynamic IP address through a NAT router to establish a VPN tunnel with
a gateway VPN firewall at the company office:
Single-gateway WAN port
Redundant dual-gateway WAN ports for increased reliability (before and after rollover)
Dual-gateway WAN ports for load balancing
VPN Telecommuter: Single-Gateway WAN Port (Reference Case)
In a single WAN port gateway configuration, the remote computer client at the NAT router
initiates the VPN tunnel because the IP address of the remote NAT router is not known in
advance. The gateway WAN port needs to act as the responder.
Figure 278.
The IP address of the gateway WAN port can be either fixed or dynamic. If the IP address is
dynamic, you need to use an FQDN. If the IP address is fixed, an FQDN is optional.
VPN Telecommuter: Dual-Gateway WAN Ports for Improved Reliability
In a gateway configuration with dual WAN ports that function in auto-rollover mode, the
remote computer client initiates the VPN tunnel with the active gateway WAN port (port
WAN1 in the following figure) because the IP address of the remote NAT router is not known
in advance. The gateway WAN port needs to act as the responder.
Figure 279.
The IP addresses of the gateway WAN ports can be either fixed or dynamic, but you always
need to use an FQDN because the active WAN port could be either WAN1 or WAN2 (that is,
the IP address of the active WAN port is not known in advance).
After a rollover of the WAN port has occurred, the previously inactive gateway WAN port
becomes the active port (port WAN2 in the following figure), and the remote computer needs
to reestablish the VPN tunnel. The gateway WAN port needs to act as the responder.
Figure 280.
The purpose of the FQDN is to toggle the domain name of the gateway between the IP
addresses of the active WAN port (that is, WAN1 and WAN2) so that the remote computer
client can determine the gateway IP address to establish or reestablish a VPN tunnel.
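The following is an added example, not part of the NETGEAR manual: a client-side check that resolves the gateway FQDN and classifies the result as unchanged, rolled over to the other WAN port, or pointing at an address that is not a gateway WAN port at all. It assumes fixed WAN addresses; the FQDN, the addresses, and the function names are constructed for illustration.

```python
import socket

# Constructed sample values (documentation address ranges); not from the manual.
GATEWAY_FQDN = "vpn-gw.example.com"
WAN_PORTS = {"WAN1": "198.51.100.10", "WAN2": "203.0.113.20"}


def resolve_ipv4(fqdn):
    """Return the set of IPv4 addresses the FQDN currently resolves to."""
    infos = socket.getaddrinfo(fqdn, None, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def check_gateway(fqdn, wan_ports, last_active=None, resolver=resolve_ipv4):
    """Classify the current FQDN resolution against the known WAN addresses.

    Returns (status, active_port), where status is one of:
      "unchanged"  - same port as last_active (or no earlier observation)
      "rollover"   - FQDN now points at the other port; re-establish the tunnel
      "unexpected" - FQDN resolves to an address that is not a gateway WAN port
      "ambiguous"  - FQDN resolves to more than one known WAN port
      "unresolved" - lookup failed or returned nothing
    """
    try:
        addrs = resolver(fqdn)
    except OSError:  # socket.gaierror is a subclass of OSError
        return ("unresolved", None)
    if not addrs:
        return ("unresolved", None)
    by_addr = {ip: port for port, ip in wan_ports.items()}
    if addrs - set(by_addr):
        return ("unexpected", None)
    ports = sorted(by_addr[ip] for ip in addrs)
    if len(ports) > 1:
        return ("ambiguous", None)
    active = ports[0]
    if last_active is not None and active != last_active:
        return ("rollover", active)
    return ("unchanged", active)


if __name__ == "__main__":
    # Constructed resolver standing in for DNS after a rollover to WAN2.
    fake = lambda fqdn: {"203.0.113.20"}
    print(check_gateway(GATEWAY_FQDN, WAN_PORTS, "WAN1", resolver=fake))
```

An "unexpected" result is worth alerting on rather than connecting to: it means the dynamic DNS record is stale or has been changed to an address outside the gateway's WAN ports.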
VPN Telecommuter: Dual-Gateway WAN Ports for Load Balancing
In a gateway configuration with dual WAN ports that function in load balancing mode, the
remote computer client initiates the VPN tunnel with the appropriate gateway WAN port (that
is, port WAN1 or WAN2 as necessary to balance the loads of the two gateway WAN ports)
because the IP address of the remote NAT router is not known in advance. The selected
gateway WAN port needs to act as the responder.
Figure 281.
The IP addresses of the gateway WAN ports can be either fixed or dynamic. If an IP address
is dynamic, you need to use an FQDN. If an IP address is fixed, an FQDN is optional.
C. System Logs and Error Messages
This appendix provides examples and explanations of system logs and error messages. When
applicable, a recommended action is provided.
This appendix contains the following sections:
System Log Messages
Routing Logs
Other Event Logs
DHCP Logs
