Chapter 2 network planning, Overview of the planning process, Single or multiple exposed hosts – NETGEAR ProSafe FVX538 User Manual

Network Planning Guide for ProSafe VPN Firewall Router FVX538

Network Planning

2-1

October 2004

Chapter 2

Network Planning

This chapter describes the factors to consider when planning a network using a router that has dual
WAN ports.

Overview of the Planning Process

The areas that require planning when using a router that has dual WAN ports include:

•

Single or multiple exposed hosts

•

Virtual private networks (VPNs)

The two WAN ports can be configured on a mutually-exclusive basis to either:

•

Fail over for increased system reliability, or

•

Balance the load for outgoing traffic

These two categories of considerations interact to make the planning process more challenging.

Single or Multiple Exposed Hosts

Unrequested incoming traffic can be directed to one or more exposed hosts rather than being
discarded. As a result, the IP address of at least one WAN port must always be public.

The mechanism for making the IP address public depends on whether there are single or multiple
exposed hosts and whether the dual WAN ports are configured to either fail over or balance the
loads. See

“Single or Multiple Exposed Hosts” on page 2-3

for further discussion.

Note: Exposed hosts are sometimes referred to as DMZ hosts. Unlike hardware-based
DMZ ports, however, exposed hosts are implemented in software and do not enjoy the
same level of firewall protection that hardware-based DMZ ports do. Use the exposed
host feature at your own risk.