Table of Contents
Advertisement
8.
Create a filter to allow local subnet traffic on the dirty side of the firewalls to reach the
firewall interfaces.
>> Layer 4# /cfg/slb/filt 10
>> Filter 10# sip any
>> Filter 10# dip 192.16.12.0
>> Filter 10# action allow
>> Filter 10# ena
9.
Create the FWLB redirection filter.
This filter will redirect inbound traffic, load balancing it among the defined real servers in the
group. In this network, the real servers represent IP interfaces on the clean-side Web switch.
>> Filter 10# ../filt 15
>> Filter 15# sip any
>> Filter 15# dip any
>> Filter 15# proto any
>> Filter 15# action redir
>> Filter 15# group 1
>> Filter 15# ena
10.
Add filters to the ingress port.
>> Filter 15# ../port 1
>> SLB Port 1# add 10
>> SLB Port 1# add 15
>> SLB Port 1# filt ena
11.
Define static routes to the clean-side IP interfaces, using the firewalls as gateways.
One static route is required for each firewall path being load balanced. In this case, two paths
are required: one that leads to clean-side IF 2 (10.1.3.1) through the first firewall (10.1.1.10) as
its gateway, and one that leads to clean-side IF 3 (10.1.4.1) through the second firewall
(10.1.2.10) as its gateway.
>> SLB Port 5# /cfg/ip/route
>> IP Static Route# add 10.1.3.1 255.255.255.255 10.1.1.10
>> IP Static Route# add 10.1.4.1 255.255.255.255 10.1.2.10
12.
Apply and save the configuration changes.
>> # apply
>> # save
212777-A, February 2002
Web OS 10.0 Application Guide
(Select filter 10)
(From any source IP address)
(To this destination IP address)
(Allow frames with this DIP address)
(Enable filter)
(Select filter 15)
(From any source IP address)
(To any destination IP address)
(For any protocol)
(Perform redirection)
(To real server group 1)
(Enable the filter)
(Select the ingress port)
(Add the filter to the ingress port)
(Add the filter to the ingress port)
(Enable filtering on the port)
Chapter 13: Firewall Load Balancing
n
321
Advertisement
Table of Contents
