Inbound traffic, Inbound traffic to dual wan port systems, Inbound traffic -3 – NETGEAR ProSafe FVS124G User Manual

Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports

Network Planning

3-3

202-10085-01, March 2005

Inbound Traffic

Incoming traffic from the Internet is normally discarded by the firewall unless the traffic is a
response to one of your local computers or a service that you have configured in the Inbound Rules
menu. Instead of discarding this traffic, you can have it forwarded to one or more LAN hosts on
your network.

The addressing of the firewall’s dual WAN port depends on the configuration being implemented:

Inbound Traffic to Single WAN Port (Reference Case)

The Internet IP address of the firewall’s WAN port must be known to the public so that the public
can send incoming traffic to the exposed host when this feature is supported and enabled.

In the single WAN case (

Figure 3-3

), the WAN’s Internet address is either fixed IP or a

fully-qualified domain name if the IP address is dynamic.

Figure 3-3: Inbound traffic to single WAN port case

Inbound Traffic to Dual WAN Port Systems

The IP address range of the firewall’s WAN port must be both fixed and public so that the public
can send incoming traffic to the multiple exposed hosts when this feature is supported and enabled.

Table 3-1.

IP addressing requirements for exposed hosts in dual WAN port systems

Configuration and

WAN IP address

Single WAN Port

(reference case)

Dual WAN Port Cases

Rollover

Load Balancing

Inbound traffic
• Port forwarding
• Port triggering

Fixed

Allowed

(FQDN optional)

FQDN required

Allowed

(FQDN optional)

Dynamic

FQDN required

FQDN required

FQDN required

Router

netgear.dyndns.org

WAN IP

IP address of WAN port:
FQDN is required for dynamic IP address and is optional for fixed IP address