Netgear FVS338 참조 매뉴얼
Reference Manual for the ProSafe VPN Firewall 50 FVS338
Network Planning
3-1
January 2005
Chapter 3
Network Planning
This chapter describes the factors to consider when planning a network using a router that has dual
WAN ports.
WAN ports.
Overview of the Planning Process
The areas that require planning when using a router that has dual WAN ports include:
•
Single or multiple exposed hosts
•
Virtual private networks (VPNs)
The two WAN ports can be configured to fail over for increased system reliability.
Single or Multiple Exposed Hosts
Unrequested incoming traffic can be directed to one or more exposed hosts rather than being
discarded. As a result, the IP address of at least one WAN port must always be public.
discarded. As a result, the IP address of at least one WAN port must always be public.
The mechanism for making the IP address public depends on whether there are single or multiple
exposed hosts and whether the dual WAN ports are configured to either fail over or balance the
loads. See
exposed hosts and whether the dual WAN ports are configured to either fail over or balance the
loads. See
Virtual Private Networks (VPNs)
A virtual private network (VPN) tunnel provides a secure communication channel between either
two gateway VPN routers or between a remote PC client and gateway VPN router. As a result, the
IP address of at least one of the tunnel end points must be known in advance in order for the other
tunnel end point to establish (or re-establish) the VPN tunnel. See
two gateway VPN routers or between a remote PC client and gateway VPN router. As a result, the
IP address of at least one of the tunnel end points must be known in advance in order for the other
tunnel end point to establish (or re-establish) the VPN tunnel. See
for further discussion.
Note: Exposed hosts are sometimes referred to as DMZ hosts. Unlike hardware-based
DMZ ports, however, exposed hosts are implemented in software and do not enjoy the
same level of firewall protection that hardware-based DMZ ports do. Use the exposed
host feature at your own risk.
DMZ ports, however, exposed hosts are implemented in software and do not enjoy the
same level of firewall protection that hardware-based DMZ ports do. Use the exposed
host feature at your own risk.