Table of Contents
Advertisement
Web OS 10.0 Application Guide
Complete the Configuration of the Primary Dirty-Side Web Switch
1.
Create an FWLB real server group on the primary dirty-side Web switch.
A real server group is used as the target for the FWLB redirection filter. Each IP address that is
assigned to the group represents a path through a different firewall. In this case, since two fire-
walls are used, two addresses are added to the group.
Earlier, it was stated that this example uses IF 2 on all Web switches whenever routing through
the top firewall, and IF 3 on all Web switches whenever routing through the lower firewall.
Therefore, the first address will represent the primary clean-side IF 2, and the second repre-
sents the primary clean-side IF 3.
>> # /cfg/slb
>> # on
>> # real 1
>> # rip 10.10.3.1
>> # ena
>> # ../real 2
>> # rip 10.10.3.2
>> # ena
>> # ../group 1
>> # add 1
>> # add 2
>> # metric hash
Using the hash metric, all traffic between specific IP source/destination address pairs flows
through the same firewall, ensuring that sessions established by the firewalls are maintained
for their duration (persistence).
N
OTE
response, and bandwidth, can be used when enabling the Return to Sender (RTS) option.
For more information, see
n
338
Chapter 13: Firewall Load Balancing
–
Other load balancing metrics, such as leastconns, roundrobin, minmiss,
"Free-Metric FWLB" on page
346.
212777-A, February 2002
Advertisement
Table of Contents
