D-Link NetDefend DFL-210 User Manual page 240

Network security firewall ver. 1.05

10.3.6. SLB_SAT Rules
The key component in setting up SLB is the SLB_SAT rule in the IP Rule-set. The steps that should
be followed are:
1. Define an Object for each server for which SLB is to be done.
2. Define a Group which includes all these objects.
3. Define an SLB_SAT Rule in the IP Rule-set which refers to this Group and where all other
   SLB parameters are defined.
4. Define a further rule that duplicates the source/destination interface/network of the SLB_SAT
   rule and that allows traffic through. This could be one or a combination of:
   - ForwardFast
   - Allow
   - NAT
The table below shows the rules that would be defined for a typical scenario of a set of webservers
behind a D-Link Firewall for which the load is being balanced. The ALLOW rule allows external
clients to access the webservers.
Rule Name     Rule Type   Src. Interface   Src. Network   Dest. Interface   Dest. Network
WEB_SLB       SLB_SAT     any              all-nets       core              ip_ext
WEB_SLB_ALW   ALLOW       any              all-nets       core              ip_ext

If there are clients on the same network as the webservers that also need access to those webservers
then a NAT rule would also be used:

Rule Name     Rule Type   Src. Interface   Src. Network   Dest. Interface   Dest. Network
WEB_SLB       SLB_SAT     any              all-nets       core              ip_ext
WEB_SLB_NAT   NAT         lan              lannet         core              ip_ext
WEB_SLB_ALW   ALLOW       any              all-nets       core              ip_ext

Note that the destination interface is specified as core, meaning NetDefendOS itself deals with this.
The key advantage of having a separate ALLOW rule is that the webservers can log the exact IP address
that is generating external requests. Using only a NAT rule, which is possible, means that
webservers would see only the IP address of the D-Link Firewall.

Chapter 10. Traffic Management
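An added example, not taken from the manual or from NetDefendOS: a small Python lint that checks a rule set for the pairing in step 4 and for the NAT-only case in which the webservers lose the client address in their logs. The names Rule, PASS_ACTIONS and audit are hypothetical, and treating "duplicates" as an exact match on all four interface/network fields is an assumption, so a narrower rule such as WEB_SLB_NAT is not counted as the companion.

```python
from typing import NamedTuple

class Rule(NamedTuple):
    name: str
    action: str   # SLB_SAT, ALLOW, NAT or FORWARDFAST (upper case)
    src_if: str
    src_net: str
    dst_if: str
    dst_net: str

    def match(self):
        """The four fields the companion rule has to duplicate."""
        return (self.src_if, self.src_net, self.dst_if, self.dst_net)

# Rule types that let the SLB_SAT traffic through, per step 4.
PASS_ACTIONS = {"ALLOW", "NAT", "FORWARDFAST"}

def audit(rules):
    """Return (rule name, finding) pairs for each SLB_SAT rule with a problem."""
    findings = []
    for slb in (r for r in rules if r.action == "SLB_SAT"):
        companions = [r for r in rules
                      if r.action in PASS_ACTIONS and r.match() == slb.match()]
        if not companions:
            findings.append((slb.name, "no companion rule lets the traffic through"))
        elif all(r.action == "NAT" for r in companions):
            findings.append((slb.name, "NAT only: servers log the firewall address"))
    return findings

# The page's two rule sets.
EXTERNAL_ONLY = [
    Rule("WEB_SLB", "SLB_SAT", "any", "all-nets", "core", "ip_ext"),
    Rule("WEB_SLB_ALW", "ALLOW", "any", "all-nets", "core", "ip_ext"),
]
WITH_LAN_CLIENTS = [
    EXTERNAL_ONLY[0],
    Rule("WEB_SLB_NAT", "NAT", "lan", "lannet", "core", "ip_ext"),
    EXTERNAL_ONLY[1],
]
# Constructed variant: the only duplicating rule is a NAT rule.
NAT_ONLY = [
    EXTERNAL_ONLY[0],
    Rule("WEB_SLB_NAT", "NAT", "any", "all-nets", "core", "ip_ext"),
]

if __name__ == "__main__":
    for label, rule_set in [("external only", EXTERNAL_ONLY),
                            ("with LAN clients", WITH_LAN_CLIENTS),
                            ("NAT only", NAT_ONLY)]:
        print(label, audit(rule_set) or "ok")
```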
