ProSafe VPN Firewall 200 FVX538 Reference Manual
Virtual Private Networks (VPNs)
A virtual private network (VPN) tunnel provides a secure communication channel between either
two gateway VPN firewalls or between a remote PC client and gateway VPN firewall. As a result,
the IP address of at least one of the tunnel end points must be known in advance in order for the
other tunnel end point to establish (or re-establish) the VPN tunnel.
Note: Once the gateway firewall WAN port rolls over, the VPN tunnel collapses and must
be re-established using the new WAN IP address.
The Roll-over Case for Firewalls With Dual WAN Ports
Rollover for the dual WAN port case is different from the single gateway WAN port case when
specifying the IP address. Only one WAN port is active at a time and when it rolls over, the IP
address of the active WAN port always changes. Hence, the use of a fully-qualified domain name
is always required, even when the IP address of each WAN port is fixed.
Figure B-2
Features such as multiple exposed hosts are not supported when using dual WAN port rollover
because the IP addresses of each WAN port must be in the identical range of fixed addresses.
B-6
Network Planning for Dual WAN Ports
v1.0, January 2010