CHAPTER III RESULTS AND DISCUSSION
3.1. Descriptive results
The dual WAN ports of the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports can be configured on a mutually exclusive basis for rollover (for increased system reliability), load balancing (for maximum bandwidth efficiency) or dedicated mode (for using only one WAN port).
• Rollover (Auto-Rollover) Mode – In this mode, the selected WAN interface is made primary and the other is the rollover link. As long as the primary link is up, all traffic is sent over the primary link. Once the primary WAN interface goes down, the rollover link is brought up to send the traffic. Traffic will automatically roll back to the original primary link once the original primary link is back up and running again.
• Load Balancing Mode – In this mode the router distributes the outbound traffic equally among the WAN interfaces that are functional.
• Dedicated Mode – In this mode, the selected interface will always be active. All traffic will be sent over this link and the other link will always be down. Link failure detection (e.g., auto-rollover) will not occur in this mode.
For all alternatives, you must also set up Network Address Translation (NAT):
• NAT – NAT is the technology which allows all PCs on your LAN to share a single Internet IP address. From the Internet, there is only a single device (the Router) and a single IP address. PCs on your LAN can use any “private” IP address range, and these IP addresses are not visible from the Internet.
– The Router uses NAT to select the correct PC (on your LAN) to receive any incoming data.
– If you only have a single Internet IP address, you MUST use NAT.
• Classical Routing – In this mode, the Router performs Routing, but without NAT. To gain Internet access, each PC on your LAN must have a valid Internet IP address. If your ISP has allocated many IP addresses to you, and you have assigned one of these addresses to each PC, you can choose Classical Routing. Otherwise, selecting this method will not allow Internet access through this Router.
To learn the status of the WAN ports, you can view the Router Status page (see “Firewall Status” on page 5-14) or look at the LEDs on the front panel (see “Router Front Panel” on page 1-6).
Rollover Setup
To configure the dual WAN ports for rollover:
1. Click the WAN Mode link directly under Setup on the upper left of the main menu to invoke
Note: Scenarios could arise when load balancing needs to be bypassed for certain traffic or applications. Here the traffic needs to go on a specific WAN interface. This is done with the protocol binding rules of that WAN interface. The rule should match the desired traffic.
FVS124G ProSafe VPN Firewall 25 Reference Manual
Fill out the screen using the following parameter definitions:
• Detection of WAN failure – WAN failure is detected using DNS queries to the DNS server. For each WAN interface, DNS queries are sent to the configured DNS server. If the DNS replies are not received, the corresponding WAN interface is considered down.
– ISP DNS Server – In this case, DNS queries are sent to the DNS server configured on the WAN ISP pages (see “Configuring Dynamic DNS (If Needed)” on page 2-19).
– Public DNS Server – The user is also given an option to enter any Public DNS server. DNS queries are sent to this server through the WAN interface being monitored.
• Test Period – A DNS query is sent periodically after every test period. The minimum test period is 30 seconds.
• Maximum Failures – The WAN interface is considered down after the configured number of DNS queries have failed to elicit a DNS reply from the configured DNS server. The minimum number of failed DNS queries is four. The rollover link is brought up after this.
Figure 2-4
The minimum time to roll over after the primary WAN interface fails is two minutes (i.e., 30 second minimum test period times a minimum of four tests).
2. Once a rollover occurs, an alert will be generated (see “Event Logs Alerts and E-Mail Notification” on page 3-33). You should then get the failed WAN interface restored and then force traffic back on the original primary WAN interface by reapplying the WAN Mode menu shown in Figure 2-4.
Load Balancing (and Protocol Binding) Setup
To configure the dual WAN ports for load balancing and protocol binding on outbound traffic:
1. Select Load Balancing on the screen shown in Figure 2-4 to invoke the WAN Mode Load
Fill out the screen using the following parameter definitions:
• Detection of WAN failure – WAN failure is detected using DNS queries to the DNS server. For each WAN interface, DNS queries are sent to the configured DNS server. If the DNS replies are not received, the corresponding WAN interface is considered down.
– ISP DNS Server – In this case, DNS queries are sent to the DNS server configured on the WAN ISP pages (see “Configuring Dynamic DNS (If Needed)” on page 2-19).
– Public DNS Server – The user is also given an option to enter any Public DNS server. DNS queries are sent to this server through the WAN interface being monitored.
• Test Period – A DNS query is sent periodically after every test period. The minimum test period is 30 seconds.
• Maximum Failures – The WAN interface is considered down after the configured number of DNS queries have failed to elicit a DNS reply from the configured DNS server. The minimum number of failed DNS queries is four.
Figure 2-5
The minimum time for a WAN interface to be classified as having failed is two minutes (i.e., 30 second minimum test period times a minimum of four tests). All traffic then stops on that WAN port. Traffic that is not bound by protocol to the failed WAN port is then sent to the working WAN port. If the total traffic on the working WAN port exceeds its bandwidth, then congestion occurs.
Once a WAN interface fails, an alert will be generated (see “Event Logs Alerts and E-Mail Notification” on page 3-33). You must then get the failed WAN interface restored before it can carry traffic again by reapplying the WAN Mode menu shown in Figure 2-7.
2. Click Add in the appropriate WAN interface section of the WAN Mode Load Balancing screen to invoke the WAN Mode Protocol Binding screen (if protocol binding is needed).
Fill out the screen using the following parameter definitions:
• Service – Select the desired Services or applications to be covered by this rule. If the desired service or application does not appear in the list, you must define it using the Services menu (see “Services-Based Rules” on page 3-9).
• Source Network – These settings determine which computers on your network are affected by this rule. Select the desired options:
– Any – All PCs and devices on your LAN.
– Single address – Enter the required address and the rule will be applied to that particular PC.
– Address range – If this option is selected, you must enter the start and finish fields.
– Groups – Select the Group you wish this rule to apply to. You can use the Network Database screen to assign PCs to Groups.
• Destination Network – These settings determine which Internet locations are covered by the rule, based on their IP address. Select the desired option:
– Any – All Internet IP addresses are covered by this rule.
– Single address – Enter the required address in the start fields.
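The rule fields above can be modelled as a small matcher that decides which WAN ports may carry an outbound flow. This is an added example, not NETGEAR code: the rule layout, the service names, the addresses, the "Servers" group and the first-match ordering are assumptions made for illustration, and the handling of a failed WAN follows this page's statement that only traffic not bound to the failed port moves to the working port.

```python
import ipaddress

# Constructed sample data: the group name, service names and addresses are hypothetical.
GROUPS = {"Servers": {"192.168.1.5"}}  # stands in for the Network Database groups
BINDINGS = {
    "WAN1": [{"service": "HTTPS",
              "source": ("range", "192.168.1.10", "192.168.1.20"),
              "destination": ("any",)}],
    "WAN2": [{"service": "SMTP",
              "source": ("group", "Servers"),
              "destination": ("single", "203.0.113.25")}],
}


def _ip(text):
    return ipaddress.ip_address(text)


def source_matches(spec, addr, groups):
    """Source Network options from the page: Any, Single address, Address range, Groups."""
    kind = spec[0]
    if kind == "any":
        return True
    if kind == "single":
        return _ip(addr) == _ip(spec[1])
    if kind == "range":
        return _ip(spec[1]) <= _ip(addr) <= _ip(spec[2])
    if kind == "group":
        return addr in groups.get(spec[1], set())
    raise ValueError(f"unknown source network option: {kind}")


def destination_matches(spec, addr):
    """Destination Network options listed on the page: Any, Single address."""
    if spec[0] == "any":
        return True
    if spec[0] == "single":
        return _ip(addr) == _ip(spec[1])
    raise ValueError(f"unknown destination network option: {spec[0]}")


def eligible_wans(service, src, dst, wan_up, bindings=BINDINGS, groups=GROUPS):
    """Return the WAN ports that may carry this outbound flow."""
    for wan, rules in bindings.items():  # assumption: first matching rule wins
        for rule in rules:
            if (rule["service"] == service
                    and source_matches(rule["source"], src, groups)
                    and destination_matches(rule["destination"], dst)):
                # Bound traffic uses only its WAN; it stops if that WAN has failed.
                return [wan] if wan_up[wan] else []
    # Unbound traffic is shared among the WAN ports that are still working.
    return [wan for wan, up in wan_up.items() if up]
```

An empty result for a bound flow is the case to review when writing binding rules: a service pinned to one WAN port loses connectivity when that port fails, even though the other port is up.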
Dedicated Broadband Setup
To configure either WAN1 or WAN2 for a dedicated broadband link:
• Click the WAN Mode link directly under Setup on the upper left of the main menu to invoke the WAN Mode Dedicated Broadband screen shown in Figure 2-6.
Fill out the screen using the following parameter definitions:
• Detection of WAN failure – WAN failure is detected using DNS queries to the DNS server. For each WAN interface, DNS queries are sent to the configured DNS server. If the DNS replies are not received, the corresponding WAN interface is considered down.
– ISP DNS Server – In this case, DNS queries are sent to the DNS server configured on the WAN ISP pages (see “Connecting Your Firewall to Your Network” on page 2-6).
– Public DNS Server – The user is also given an option to enter any Public DNS server. DNS queries are sent to this server through the WAN interface being monitored.
• Test Period – A DNS query is sent periodically after every test period. The minimum test period is 30 seconds.
• Maximum Failures – The WAN interface is considered down after the configured number of DNS queries have failed to elicit a DNS reply from the configured DNS server. The minimum number of failed DNS queries is four.
The minimum time for a WAN interface to be classified as having failed is two minutes (i.e., 30 second minimum test period times a minimum of four tests). All traffic then stops on that WAN port. If the total traffic on the working WAN port exceeds its bandwidth, then congestion occurs.
Once a WAN interface fails, an alert will be generated (see “Event Logs Alerts and E-Mail Notification” on page 3-33). You must then get the failed WAN interface restored before it can carry traffic again by reapplying the WAN Mode menu shown in Figure 2-7.
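The Test Period and Maximum Failures parameters, described in the rollover and load balancing sections and repeated above, can be checked against a probe timeline with the following model. This is an added example, not NETGEAR code: the class and function names are hypothetical, the probe trace is constructed, and it assumes failures are counted consecutively and that a DNS reply resets the count, which this page does not state.

```python
from dataclasses import dataclass

MIN_TEST_PERIOD_S = 30  # page: the minimum test period is 30 seconds
MIN_MAX_FAILURES = 4    # page: the minimum number of failed DNS queries is four


@dataclass
class WanMonitor:
    test_period_s: int = MIN_TEST_PERIOD_S
    max_failures: int = MIN_MAX_FAILURES

    def __post_init__(self):
        if self.test_period_s < MIN_TEST_PERIOD_S:
            raise ValueError("test period is below the 30 second minimum")
        if self.max_failures < MIN_MAX_FAILURES:
            raise ValueError("maximum failures is below the minimum of four")

    def min_detection_time_s(self):
        """Shortest time from link loss to the interface being considered down."""
        return self.test_period_s * self.max_failures

    def declared_down_at(self, replies):
        """replies[i] is True if DNS probe i got a reply.

        Probe i is sent at (i + 1) * test_period_s seconds. Returns the time
        at which the interface is considered down, or None if it never is.
        """
        failures = 0
        for i, got_reply in enumerate(replies):
            # Assumption: a reply resets the failure count (consecutive failures).
            failures = 0 if got_reply else failures + 1
            if failures >= self.max_failures:
                return (i + 1) * self.test_period_s
        return None


def probe_trace(outage_start_s, outage_end_s, total_s, period_s):
    """Constructed input: a probe fails if it is sent while DNS replies are lost.

    The monitor cannot tell a dead WAN link from an unreachable DNS server;
    both produce the same missing replies.
    """
    probe_times = range(period_s, total_s + 1, period_s)
    return [not (outage_start_s <= t < outage_end_s) for t in probe_times]
```

With the minimum settings, an outage shorter than two minutes can pass without any rollover or alert, and an outage of the monitored DNS server alone is indistinguishable from a failed WAN link.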