NETGEAR SRX5308 Reference Manual page 317

ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
VPN Road Warrior: Single Gateway WAN Port (Reference Case)
In a single WAN port gateway configuration, the remote computer client initiates the VPN
tunnel because the IP address of the remote computer client is not known in advance. The
gateway WAN port needs to act as the responder.
Figure 190.
The IP address of the gateway WAN port can be either fixed or dynamic. If the IP address is
dynamic, an FQDN needs to be used. If the IP address is fixed, an FQDN is optional.
VPN Road Warrior: Dual Gateway WAN Ports for Improved Reliability
In a gateway configuration with dual WAN ports that function in auto-rollover mode, the
remote computer client initiates the VPN tunnel with the active WAN port (port WAN1 in the
following figure) because the IP address of the remote computer client is not known in
advance. The gateway WAN port needs to act as a responder.
Figure 191.
The IP addresses of the WAN ports can be either fixed or dynamic, but you always need to
use an FQDN because the active WAN port could be either WAN1 or WAN2 (that is, the IP
address of the active WAN port is not known in advance).
After a rollover of the WAN port has occurred, the previously inactive gateway WAN port
becomes the active port (port WAN2 in the following figure) and the remote computer client
needs to reestablish the VPN tunnel. The gateway WAN port needs to act as the responder.
Network Planning for Multiple WAN Ports
317