4.2 Firewalls and Dynamic IP Addressing

The introduction of broadband as an Internet connection option also introduced the need to support dynamic endpoint IP addresses. Many broadband vendors use DHCP to supply IP addresses to Internet access devices (IADs). These IP addresses are leased for a specific period and can change without notice when the lease expires. DSL and cable modems are usually provisioned with IP addresses assigned via DHCP.

Corente Cloud Services Exchange has built support for these environments into its core service. This support for dynamic IP addresses enhances the VPN by allowing the IP address of a destination to change without disrupting the VPN connections. It also affects how firewall rules are specified at central sites and data centers: because the IP addresses of remote VPN locations change, the firewalls that permit access to (or from) these locations cannot specify individual static IP addresses in the rule set. Instead, rules must be specified using ANY IP ADDRESS settings for the VPN to function properly.

Support for dynamic IP addresses is also necessary for dynamic failover with the Corente SCP. Corente Cloud Services Exchange supports geographically dispersed data centers that use different IP addresses for redundancy and scalability. Each new VPN element must download software from the Corente SCP when it is first installed. When establishing connections, each VPN element first attempts to contact the Corente SCP for security updates and location information. This connection is maintained for monitoring, alerting, and distribution of updates.

To ensure that gateways can contact or be automatically rehomed to a different Corente SCP without having to modify firewall rules with new IP addresses, Corente Cloud Services Exchange recommends the use of ANY IP ADDRESS in the firewall rules for the Corente SCP connections.
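The following Python script is an added example, not part of the Corente documentation. It audits a constructed firewall rule set for the two requirements above (remote VPN locations and Corente SCP connections matched with ANY IP ADDRESS). The rule format, rule names, and protocol/port pairs are assumptions made for illustration, and flagging ANY-address rules that are not limited to a VPN service is this example's own policy choice.

```python
from ipaddress import ip_network

# Placeholder services: these protocol/port pairs are assumptions made for
# this example, not Corente's real values (take those from Section 4.3).
VPN_SERVICES = {("udp", 40001), ("tcp", 40002)}

# Constructed rule set for a central-site firewall.
RULES = [
    {"name": "vpn-peer-static", "remote": "203.0.113.10/32", "proto": "udp", "port": 40001},
    {"name": "vpn-peer-any", "remote": "0.0.0.0/0", "proto": "udp", "port": 40001},
    {"name": "lazy-allow-all", "remote": "0.0.0.0/0", "proto": "any", "port": None},
]


def audit_rules(rules, vpn_services):
    """Return (subject, finding) pairs for a rule set.

    pinned-remote: a VPN rule names a fixed remote address, so it stops
                   matching when the remote site's DHCP lease changes.
    any-unscoped:  a rule allows any remote address without being limited
                   to a VPN service, which is broader than the VPN needs.
    no-any-rule:   a VPN service has no rule that accepts any remote address.
    """
    findings = []
    covered = set()
    for rule in rules:
        # A zero-length prefix (0.0.0.0/0 or ::/0) is "ANY IP ADDRESS".
        is_any = ip_network(rule["remote"]).prefixlen == 0
        service = (rule["proto"], rule["port"])
        if service in vpn_services:
            if is_any:
                covered.add(service)
            else:
                findings.append((rule["name"], "pinned-remote"))
        elif is_any:
            findings.append((rule["name"], "any-unscoped"))
    for proto, port in sorted(vpn_services - covered):
        findings.append((f"{proto}/{port}", "no-any-rule"))
    return findings


if __name__ == "__main__":
    for subject, finding in audit_rules(RULES, VPN_SERVICES):
        print(f"{finding:14} {subject}")
```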

See Section 4.3, “Recommended Firewall Settings” for recommended firewall settings when your locations on the VPN use dynamic IP addresses.

See Section 4.4, “Recommended Router Configuration” for recommendations on how to configure the routers on the network at your locations.