Packets Flow By Sat; Scenario: Enabling Slb - D-Link DFL-1600 User Manual
Network security firewall
Hide thumbs
Also See for DFL-1600:
- Quick manual (22 pages) ,
- User manual (552 pages) ,
- Log reference manual (476 pages)
Table of Contents
Advertisement
268
Destination Host Unreachable message will be sent by the firewall once the
active server list is empty.
ICMP Ping
At OSI layer 3, the check involves a Ping to the real server's IP address to
see whether the server is up and running.
TCP Connection
At OSI layer 4, the firewall attempts to connect to a configured port of the
server where an application is running. For example, if the server is running
web application (HTTP) on port 80, the firewall will try to establish a
connection to bind to that port. It sends a TCP SYN request to port 80 on
that server and waits for a TCP SYN/ACK in return; if failing, it marks
the port 80 to be down on that server.
24.2.4
Packets Flow by SAT
In D-Link firewalls, load-balancing enabled SAT rule is used to translate
packets exchanged between a client and real servers. When a new
connection is being opened, the SAT rule is triggered; it translates the
public server farm IP address to a real server address. Necessary
modification to the packets is performed by the underlying system
determined by NAT or Allow rule.
24.3
The main configuration steps necessary for enabling SLB function in
D-Link firewalls are outlined as follows:
Specifying a
farm by selecting the objects with correct IP.
Specifying the
SAT rule with filtering fields for the firewall to match the traffic flow
and trigger the SLB .
Specifying
distribution policies the firewall should use.
Chapter 24. Server Load Balancing (SLB)
: Enabling SLB
– Define a group of servers as a server
D-Link Firewalls User's Guide
rule – Configure a
– Provide the
Advertisement
Table of Contents
