The Load Balancing Case for Firewalls With Dual WAN Ports
Load balancing for the dual WAN port case is similar to the single WAN port case when specifying
the IP address. Each IP address is either fixed or dynamic based on the ISP: fully-qualified domain
names must be used when the IP address is dynamic and are optional when the IP address is static.
Figure B-3
Inbound Traffic
Incoming traffic from the Internet is normally discarded by the firewall unless the traffic is a
response to one of your local computers or a service that you have configured in the Inbound Rules
menu. Instead of discarding this traffic, you can have it forwarded to one or more LAN hosts on
your network.
The addressing of the VPN firewall's dual WAN port depends on the configuration being
implemented:
Table B-1. IP Addressing Requirements for Exposed Hosts in dual WAN Port Systems
Configuration and
WAN IP address
Inbound traffic
• Port forwarding
• Port triggering
• DMZ port
Inbound Traffic to Single WAN Port (Reference Case)
The Internet IP address of the VPN firewall's WAN port must be known to the public so that the
public can send incoming traffic to the exposed host when this feature is supported and enabled.
Network Planning for Dual WAN Ports
ProSafe VPN Firewall 200 FVX538 Reference Manual
Single WAN Port
(reference case)
Fixed
Allowed
(FQDN optional)
Dynamic
FQDN required
v1.0, January 2010
Dual WAN Port Cases
Rollover
FQDN required
FQDN required
Load Balancing
Allowed
(FQDN optional)
FQDN required
B-7