Netgear UTM9S – ProSECURE Unified Threat Management (UTM) Appliance with DSL and Wireless modules Reference Manual

Network Planning for Dual WAN Ports (Multiple WAN Port Models Only)
Overview of the Planning Process
The areas that require planning when you use a firewall that has dual WAN ports such as the UTM include the following:
• Inbound traffic (port forwarding, port triggering)
• Outbound traffic (protocol binding)
• Virtual private networks (VPNs)
The two WAN ports can be configured on a mutually exclusive basis to either of the following:
• Auto-rollover for increased reliability
• Load balance for outgoing traffic
These various types of traffic and auto-rollover or load balancing all interact to make the planning process more challenging:
• Inbound traffic. Unrequested incoming traffic can be directed to a PC on your LAN rather than being discarded. The mechanism for making the IP address public depends on whether the dual WAN ports are configured for auto-rollover or load balancing.
• Virtual private networks. A virtual private network (VPN) tunnel provides a secure communication channel either between two gateway VPN firewalls or between a remote PC client and a gateway VPN firewall. As a result, the IP address of at least one of the tunnel endpoints needs to be known in advance in order for the other tunnel endpoint to establish (or reestablish) the VPN tunnel.
Note: When the UTM’s WAN port rolls over, the VPN tunnel collapses and needs to be reestablished using the new WAN IP address. However, you can configure automatic IPSec VPN rollover to ensure that an IPSec VPN tunnel is reestablished.
• Dual WAN ports in auto-rollover mode. Rollover for a UTM with dual WAN ports is different from a single WAN port gateway configuration when you specify the IP address. Only one WAN port is active at a time, and when it rolls over, the IP address of the active WAN port always changes. Therefore, the use of a fully qualified domain name (FQDN) is always required, even when the IP address of each WAN port is fixed.
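The rollover argument above, modelled in Python as an added example that is not part of the Netgear manual: the remote peer's VPN policy names the UTM either by a literal WAN IP or by an FQDN, and only the FQDN survives a rollover. The WAN addresses, the DDNS name utm.example.net and all class and function names are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class DualWanUtm:
    """Model of a dual-WAN gateway in auto-rollover mode: exactly one WAN port
    is active, each port keeps its own fixed public IP, and a rollover swaps them."""
    wan_ips: tuple                  # constructed addresses for (WAN1, WAN2)
    fqdn: str                       # hypothetical DDNS name for the gateway
    active: int = 0
    dns: dict = field(default_factory=dict)  # simulated public DNS zone

    def __post_init__(self):
        self.dns[self.fqdn] = self.active_ip()   # DDNS initially points at WAN1

    def active_ip(self):
        return self.wan_ips[self.active]

    def rollover(self, update_ddns=True):
        """Activate the other WAN port. Any tunnel bound to the old IP collapses;
        the DDNS record follows the new IP only if the DDNS client updates it."""
        self.active = 1 - self.active
        if update_ddns:
            self.dns[self.fqdn] = self.active_ip()


def tunnel_can_reestablish(utm, remote_endpoint):
    """The remote peer dials the endpoint stored in its VPN policy. A literal IP is
    pinned to one WAN port; an FQDN resolves to whatever DDNS currently says."""
    target = utm.dns.get(remote_endpoint, remote_endpoint)  # resolve only if it is a name
    return target == utm.active_ip()


def demo(update_ddns=True):
    """Return ((ip_ok, fqdn_ok) before rollover, (ip_ok, fqdn_ok) after rollover)."""
    utm = DualWanUtm(wan_ips=("203.0.113.10", "198.51.100.20"), fqdn="utm.example.net")
    by_ip, by_name = utm.active_ip(), utm.fqdn
    before = (tunnel_can_reestablish(utm, by_ip), tunnel_can_reestablish(utm, by_name))
    utm.rollover(update_ddns=update_ddns)
    after = (tunnel_can_reestablish(utm, by_ip), tunnel_can_reestablish(utm, by_name))
    return before, after


if __name__ == "__main__":
    print("DDNS updated on rollover:", demo())             # IP peer fails, FQDN peer recovers
    print("DDNS stale after rollover:", demo(update_ddns=False))  # both peers fail
```

The second run shows the caveat behind the FQDN requirement: the name only helps if the dynamic DNS record is actually refreshed when the active WAN port changes.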