ProSafe VPN Firewall 200 FVX538 Reference Manual
Inbound Traffic
Incoming traffic from the Internet is normally discarded by the firewall unless the traffic is a
response to one of your local computers or a service that you have configured in the Inbound Rules
menu. Instead of discarding this traffic, you can have it forwarded to one or more LAN hosts on
your network.
The addressing of the firewall's dual WAN port depends on the configuration being implemented:
Table B-1. IP addressing requirements for exposed hosts in dual WAN port systems
Configuration and
WAN IP address
Inbound traffic
• Port forwarding
• Port triggering
• DMZ port
Inbound Traffic to Single WAN Port (Reference Case)
The Internet IP address of the firewall's WAN port must be known to the public so that the public
can send incoming traffic to the exposed host when this feature is supported and enabled.
In the single WAN case, the WAN's Internet address is either fixed IP or a fully-qualified domain
name if the IP address is dynamic.
Figure B-4
Inbound Traffic to Dual WAN Port Systems
The IP address range of the firewall's WAN port must be both fixed and public so that the public
can send incoming traffic to the multiple exposed hosts when this feature is supported and enabled.
B-8
Single WAN Port
(reference case)
Fixed
Allowed
(FQDN optional)
Dynamic
FQDN required
v1.0, March 2009
Dual WAN Port Cases
Rollover
FQDN required
FQDN required
Network Planning for Dual WAN Ports
Load Balancing
Allowed
(FQDN optional)
FQDN required