Demilitarized Zone (Dmz) Configuration Example - Avaya P333R-LB Installation And Configuration Manual

Demilitarized Zone (DMZ) Configuration Example

The following figure illustrates Transparent FWLB with DMZ configuration.
Figure 14.2 Transparent Routing FWLB Sample DMZ Configuration
LAN
Note:
1. When configuring routing firewalls as Real Servers, you must give an ID to each
Real Server. This ID must match the ID given to the same firewall on the second
load balancer.
2. The P333R-LB performs load balancing on traffic that arrives to its routing
interfaces. Therefore, IP routes in the network must be configured to pass through
the P333R-LB.
To configure your network as in Figure 14.2, the following should be done:
• The LAN routers (or hosts) should be configured with 10.4.1.3 as the next hop
toward the WAN (the default gateway in many cases).
• The access router should be configured with 193.170.1.1 as the next hop toward
the LAN.
• The firewalls should be configured with 10.1.1.3 as the next hop towards the
LAN, and 10.2.1.3 as the next hop toward the WAN (internet).
• The firewalls must be configured to allow ICMP Ping to pass between the two
load balancers (10.1.1.3 and 10.2.1.3) for health-check purposes.
• Each load balancer must be configured to two virtual firewall services. In
Figure 14.2, P333R-LB1 should be assigned to the WAN and DMZ, P333R-LB2
to the LAN and DMZ, and P333R-LB3 to the LAN and WAN.
Avaya P333R-LB User's Guide
Firewall 1
10.1.1.1
10.3.1.1
10.1.1.3
10.4.1.3
Server
10.1.1.2
P333R-LB 1
10.3.1.2
Server
Firewall 2
RSG
10.3.1.3
fw- group
P333R-LB 3
193.170.2.3
DMZ
Chapter 14 Load Balancing in the P333R-LB
10.2.1.1
10.2.1.3
193.170.1.1
Access Router
P333R-LB 2
10.2.1.2
193.170.1.2
Internet
9