Setting Up Slb - D-Link NetDefend DFL-210 User Manual

10.4.6. SLB_SAT Rules
Rule Name
WEB_SLB_ALW
Note that the destination interface is specified as core, meaning NetDefendOS itself deals with this.
The key advantage of having a separate Allow rule is that the webservers can log the exact IP
address that is generating external requests. Using only a NAT rule, which is possible, means that
webservers would see only the IP address of the NetDefend Firewall.
Example 10.3. Setting up SLB
In this example server load balancing is to be done between 2 HTTP webservers which are situated behind the
NetDefend Firewall. The 2 webservers have the private IP addresses 192.168.1.10 and 192.168.1.11
respectively. The default SLB values for monitoring, distribution method and stickiness are used.
A NAT rule is used in conjunction with the SLB_SAT rule so that clients behind the firewall can access the
webservers. An Allow rule is used to allow access by external clients.
Web Interface
A. Create an Object for each of the webservers:
1. Go to Objects > Address Book > Add > IP Address
2. Enter a suitable name, for example server1
3. Enter the IP Address as 192.168.1.10
4. Click OK
5. Repeat the above to create an object called server2 for the 192.168.1.11 IP address
B. Create a Group which contains the 2 webserver objects:
1. Go to Objects > Address Book > Add > IP4 Group
2. Enter a suitable name, for example server_group
3. Add server1 and server2 to the group
4. Click OK
C. Specify the SLB_SAT IP rule:
1. Go to Rules > IP Rule Sets > main > Add > IP Rule
2. Enter:
• Name: Web_SLB
• Action: SLB_SAT
• Service: HTTP
• Source Interface: any
• Source Network: all-nets
• Destination Interface: core
• Destination Network: ip_ext
3. Select tab SAT SLB
4. Under Server Addresses add server_group to Selected
5. Click OK
D. Specify a matching NAT IP rule for internal clients:
Rule Type Src Interface
Allow any
431
Chapter 10. Traffic Management
Src Network Dest Interface
all-nets core
Dest Network
ip_ext