ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual
Figure B-10
The IP addresses of the WAN ports can be either fixed or dynamic, but you must always use an
FQDN because the active WAN port could be either WAN1 or WAN2 (that is, the IP address of the
active WAN port is not known in advance).
After a rollover of the WAN port has occurred, the previously inactive gateway WAN port
becomes the active port (port WAN2 in
Figure
B-11) and the remote PC client must reestablish the
VPN tunnel. The gateway WAN port must act as the responder.
Figure B-11
The purpose of the FQDN in this case is to toggle the domain name of the gateway firewall
between the IP addresses of the active WAN port (that is, WAN1 and WAN2) so that the remote
PC client can determine the gateway IP address to establish or reestablish a VPN tunnel.
B-12
Network Planning for Multiple WAN Ports
v1.0, April 2010