Netgear FVS338 참조 매뉴얼
Reference Manual for the ProSafe VPN Firewall 50 FVS338
3-2
Network Planning
January 2005
The Fail-over Case for Routers With Dual WAN Ports
Failover (
) for the dual WAN port case is different from the single gateway WAN port
case when specifying the IP address. Only one WAN port is active at a time and when it fails over,
the IP address of the active WAN port always changes. Hence, the use of a fully-qualified domain
name is always required, even when the IP address of each WAN port is fixed.
the IP address of the active WAN port always changes. Hence, the use of a fully-qualified domain
name is always required, even when the IP address of each WAN port is fixed.
Figure 3-1: Dual WAN ports before and after failover
Features such as multiple exposed hosts are not supported in general when using dual WAN port
failover because the IP addresses of each WAN port must be in the identical range of fixed
addresses.
failover because the IP addresses of each WAN port must be in the identical range of fixed
addresses.
Single or Multiple Exposed Hosts
Incoming traffic from the Internet is normally discarded by the firewall unless the traffic is a
response to one of your local computers or a service that you have configured in the Incoming
Rules menu. Instead of discarding this traffic, you can have it forwarded to one or more LAN hosts
on your network. These LAN hosts are called exposed hosts. The addressing of the router’s dual
WAN port depends on the configuration being implemented:
response to one of your local computers or a service that you have configured in the Incoming
Rules menu. Instead of discarding this traffic, you can have it forwarded to one or more LAN hosts
on your network. These LAN hosts are called exposed hosts. The addressing of the router’s dual
WAN port depends on the configuration being implemented:
Note: Once the gateway router WAN port fails over, the VPN tunnel collapses and must
be re-established using the new WAN IP address.
be re-established using the new WAN IP address.
Note: In certain locales, an ISP has been able to provision the same IP address for the
broadband and PSTN service so that the failover to a serial connection would be as
seamless as possible.
broadband and PSTN service so that the failover to a serial connection would be as
seamless as possible.
Router
WAN1 port active
WAN1 IP
Dual WAN Ports (Before Failover)
WAN2 IP (N/A)
WAN2 port inactive
Router
WAN1 port inactive
WAN1 IP (N/A)
Dual WAN Ports (After Failover)
WAN2 IP
WAN2 port active
IP address of active WAN port changes after a failover:
o use of fully-qualified domain names always required
o features requiring fixed IP address blocks not supported
o use of fully-qualified domain names always required
o features requiring fixed IP address blocks not supported
X
X
X
X
PSTN
PSTN