ProSecure Unified Threat Management UTM10 or UTM25 Reference Manual
Network Planning for Dual WAN Ports (UTM25 Only)
B-9
v1.0, September 2009
Virtual Private Networks (VPNs)
When implementing virtual private network (VPN) tunnels, a mechanism must be used for
determining the IP addresses of the tunnel end points. The addressing of the firewall’s dual WAN
port depends on the configuration being implemented:
Figure B-6
Table B-2. IP addressing requirements for VPNs in dual WAN port systems
Configuration and WAN IP address
Single WAN Port
Configurations
(Reference Cases)
Dual WAN Port Configurations
Rollover Mode
a
a. All tunnels must be re-established after a rollover using the new WAN IP address.
Load Balancing Mode
“VPN Road Warrior (Client-
to-Gateway)
”
Fixed
Allowed
(FQDN optional)
FQDN required
Allowed
(FQDN optional)
Dynamic
FQDN required
FQDN required
FQDN required
“VPN Gateway-to-Gateway
” Fixed
Allowed
(FQDN optional)
FQDN required
Allowed
(FQDN optional)
Dynamic
FQDN required
FQDN required
FQDN required
“VPN Telecommuter (Client-
to-Gateway Through a NAT
Router)
”
Fixed
Allowed
(FQDN optional)
FQDN required
Allowed
(FQDN optional)
Dynamic
FQDN required
FQDN required
FQDN required