Reject/Drop Blocked Packets; Add Address; Snat Control; Set Transfer Protocol - KEMP Technologies LoadMaster 1500 Installation And Configuration Manual

6.2.2. Reject/Drop blocked packets

When a connection request is received from a host that is blocked by the ACL, the request is normally
ignored (dropped). The Load Master may, however, be configured to send back an ICMP reject packet. For
security reasons it is usually best to drop any blocked requests.

6.2.3. Access Control Lists

The Load Master supports a "blacklist" Access Control List system. Any host or network entered into the
Access Control List will be blocked from accessing any service provided by the Load Master.
The Access Control List is only enabled when the Packet Filter is enabled.

6.2.4. Add Address

This option allows a user to add a host or network IP address to the Access Control List. Only "dotted-quad" IP
addresses are allowed. Appending a network specifier to the address makes the entry apply to a whole network.
For example, specifying 192.168.200.0/24 will block all hosts on the 192.168.200 network.
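
The following is an added example, not part of the KEMP manual or the Load Master software: a Python sketch for checking a list of blacklist entries before typing them in. It accepts only dotted-quad hosts and networks, reports entries already covered by a wider network, and models the rule from 6.2.3 that the ACL only applies while the Packet Filter is enabled. The function names, the sample list and the clearing of host bits are assumptions of this example.

```python
import ipaddress
import re

# Dotted-quad host, optionally followed by /prefix (the "network specifier").
ENTRY = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})(?:/(\d{1,2}))?", re.ASCII)

def parse_entry(text):
    """Return an IPv4Network for one ACL entry, or raise ValueError."""
    m = ENTRY.fullmatch(text.strip())
    if not m:  # hostnames, IPv6 and malformed input are refused
        raise ValueError(f"not a dotted-quad entry: {text!r}")
    addr, prefix = m.group(1), m.group(2) or "32"
    # Assumption of this example: host bits are cleared, so
    # 192.168.200.7/24 is treated as 192.168.200.0/24.
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def load_acl(entries):
    """Split entries into parsed networks and rejected strings."""
    acl, rejected = [], []
    for e in entries:
        try:
            acl.append(parse_entry(e))
        except ValueError:
            rejected.append(e)
    return acl, rejected

def is_blocked(client, acl, packet_filter_enabled=True):
    """Blacklist semantics: listed hosts are blocked, everything else passes."""
    if not packet_filter_enabled:  # 6.2.3: ACL inactive without the Packet Filter
        return False
    ip = ipaddress.ip_address(client)
    return any(ip in net for net in acl)

def redundant(acl):
    """Entries already covered by a wider entry in the same list."""
    return [(a, b) for a in acl for b in acl if a != b and a.subnet_of(b)]

# Constructed sample input (only 192.168.200.0/24 appears in the manual).
SAMPLE = ["192.168.200.0/24", "192.168.200.17", "10.1.2.3",
          "badhost.example", "2001:db8::1", "192.168.300.1"]

if __name__ == "__main__":
    acl, rejected = load_acl(SAMPLE)
    print("rejected:", rejected)
    print("redundant:", redundant(acl))
    for client in ("192.168.200.99", "192.168.201.1", "10.1.2.3"):
        print(client, "blocked" if is_blocked(client, acl) else "allowed")
```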

6.3. Miscellaneous

6.3.1. SNAT Control

This toggle option will either enable or disable the S-NAT functionality of the Load Master. When S-NAT is
enabled, the real servers can access the Internet using the Load Master as a gateway. The Load Master will
use "masquerading" so that connection requests from the real servers seem to originate on the Load Master.
This means that the real servers can be on a private network and still have access to the Internet.
When S-NAT is disabled, the Load Master will not perform "masquerading" and so the real servers cannot
access the Internet through the Load Master.
In Single-Armed configurations, S-NAT does not provide any extra functionality.

6.3.2. Set Transfer Protocol

This option allows the user to specify which transfer method should be used to transfer data between the Load
Master and a remote server. The selected method is used to store a backup on a remote server, to download
software patches or to manage certificates. The default method is "ftp".
Use ftp protocol
Using this option, the Internet standard "ftp" protocol is used. Most servers support this protocol.
Use scp protocol
The "scp" (secure copy) transfer method may be selected. This is more secure than "ftp" but is normally
only supported on UNIX servers.
Use http protocol
Using this transfer method, backups to a remote server cannot be performed. Software patches can however
be downloaded from any Web server where the patch has been made available.
Note: The scp protocol cannot be used for transferring certificate files over WUI.

6.3.3. Set HA Timeout

This option is only available on HA systems.
With this option, the time it takes a HA cluster to detect a failure can be adjusted. A multiplier between 1
and 5 can be set. The default value is 1. A lower value will detect failures sooner, while a higher value gives
better protection against a DoS attack.
Copyright © 2000 - 2005 KEMP Technologies, Inc. All Rights Reserved.

This manual is also suitable for:

Loadmaster 2500
