Equalizer Installation and Administration Guide

enable unsafe renegotiation
SSL session renegotiation is disabled by default for HTTPS clusters to close the security vulnerability described at:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3355
While there is usually no reason to use client-side renegotiation, some websites use it to allow different SSL certificates to be used for different parts of a website. Equalizer only supports this type of configuration when redirects are used. With redirects, renegotiation does not occur -- the client starts a new SSL session when redirected to a different part of the website that requires a new certificate.
If the allow unsafe renegotiation option is enabled, all clients will be permitted to renegotiate SSL session IDs. Enabling this option is not recommended by Coyote Point, since it leaves your configuration open to session stealing and data injection.
Note that if SSL processing is done in software (as on the E250GX and E350GX), then newer clients that contain the fix for CVE-2009-3355 will be able to renegotiate SSL sessions.

no header rewrite
When enabled, forces Equalizer to pass responses from an HTTPS cluster's servers without rewriting them. In the typical Equalizer setup, you configure servers in an HTTPS cluster to listen and respond using HTTP; Equalizer communicates with the clients using SSL. If a server sends an HTTP redirect using the Location: header, this URL most likely will not include the https: protocol. Equalizer rewrites responses from the server so that they are HTTPS. You can direct Equalizer to pass responses from the server without rewriting them by enabling the no header rewrite flag.

Adding a Layer 4 Virtual Cluster
To add a new Layer 4 virtual cluster, follow these steps:
1. Log into the Administrative Interface using a login that has add/del access for global parameters (see "Logging In" on page 52).
2. Right click on Equalizer (or the configured Failover Peer Name for this Equalizer) at the top of the left frame, and select Add Cluster from the menu that appears. The Add New Cluster dialog appears.
3. Select Layer 4 TCP or Layer 4 UDP and then click the Next icon.
4. Enter the following information:
Cluster Name
The logical name for the cluster, or accept Equalizer's default. Each cluster must have a unique name that begins with an alphabetical character (for example, CPImages).
Cluster IP Address
Enter the IP address, which is the dotted decimal IP address of the cluster. The IP address of the cluster is the external address (for example, 199.146.85.0) with which clients connect to the cluster.
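An added example (not from the Equalizer guide and not Coyote Point's code) that models the Location rewrite described for the no header rewrite flag and checks what a client receives when the flag is enabled. The host-matching rule, the function names and the sample headers are assumptions made for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed sample: headers from an HTTP back-end server behind an HTTPS cluster.
SAMPLE = [("Content-Length", "0"),
          ("Location", "http://www.example.com/account/login")]


def _cluster_http_url(value, cluster_host):
    """Return the parsed URL if value is an absolute http:// URL on the cluster, else None."""
    try:
        parts = urlsplit(value)
        parts.port  # accessing .port validates it; a malformed port raises ValueError
    except ValueError:
        return None
    if parts.scheme == "http" and (parts.hostname or "").lower() == cluster_host.lower():
        return parts
    return None


def rewrite_location(headers, cluster_host, no_header_rewrite=False):
    """Model the header list the client receives (assumed behaviour, see lead-in)."""
    if no_header_rewrite:
        return list(headers)  # flag set: server responses pass through unchanged
    out = []
    for name, value in headers:
        parts = _cluster_http_url(value, cluster_host) if name.lower() == "location" else None
        if parts is not None:
            # Drop an explicit :80 so the rewritten URL does not send TLS to port 80.
            netloc = parts.hostname if parts.port in (None, 80) else parts.netloc
            value = urlunsplit(("https", netloc) + tuple(parts[2:]))
        out.append((name, value))
    return out


def downgrading_redirects(headers, cluster_host):
    """List Location values that would move an HTTPS client to plain HTTP on the cluster."""
    return [value for name, value in headers
            if name.lower() == "location" and _cluster_http_url(value, cluster_host)]
```

With no header rewrite enabled, any value returned by downgrading_redirects indicates that the back-end servers must emit https: URLs themselves.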
Working with Virtual Clusters
121