10-31-2011 11:08 AM
Hi,
I am currently stuck with one LB implementation. I have one pair of LBs situated in the DMZ zone which are load balancing servers in the secure zone, as below:
Internet -> External Firewall -> LB -> Application Servers
The LBs are bypassing the internal firewall, and inter-VLAN routing is happening through the LBs. Due to security reasons I am compelled to change the settings such that traffic from the LBs passes through the internal firewall and then goes to the application servers, and the same should happen to return traffic.
What is the way out? I am looking at two options:
1. Internet -> external firewall -> LB -> internal firewall -> application server: But I am not able to understand how to set up the routing in such a way that traffic is forwarded to the internal firewall, which then passes it on to the application server. Is there any document available on this, or any help?
2. Internet -> external firewall -> LB (Context 1) -> internal firewall -> LB (Context 2) -> application server. In this case I want to create two contexts in the same load balancer, one interfacing the DMZ zone and the other the secure zone, with one VIP each on both sides, so the DMZ zone VIP will forward traffic to the secure zone VIP, which will then pass it on to the application servers and return. Is this type of configuration possible? Please guide.
Thanks
10-31-2011 02:01 PM
You have to use source NAT on the LB.
This is called a 1-arm design.
PS: putting the LB and the load-balanced front-end web servers in different security zones is nonsense.
10-31-2011 02:49 PM
Hi Surya,
In this case there are no front-end web servers. The LBs are directly load balancing application servers. So in this case how will source NAT help? In any case, source NATing will happen on the external firewall. Please suggest.
Thanks
10-31-2011 03:01 PM
Your LB will act as a reverse proxy for your application servers.
Your external firewall will NAT the VIP owned by the ACE. Then the ACE will NAT flows to forward them to the application servers through the firewall to route the traffic to the servers.
The servers will see the flows as they were sourced by the ACE.
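The one-arm, source-NAT design described in the reply above, sketched as an ACE context configuration. This is an added example, not part of the original thread or any poster's configuration; every address, VLAN number and object name is constructed, and lines starting with `!` are annotations rather than ACE commands.

```text
! Constructed addressing (assumptions, not from the thread):
!   DMZ VLAN 100 = 192.0.2.0/24: ACE .5, VIP .100, source-NAT address .200
!   external firewall inside = 192.0.2.1, internal firewall DMZ side = 192.0.2.254
!   application servers = 10.20.0.11 and 10.20.0.12 in the secure zone
access-list ANYONE line 10 extended permit ip any any

rserver host APP1
  ip address 10.20.0.11
  inservice
rserver host APP2
  ip address 10.20.0.12
  inservice

serverfarm host APP-FARM
  rserver APP1
    inservice
  rserver APP2
    inservice

! VIP that the external firewall translates the public address to
class-map match-all APP-VIP
  2 match virtual-address 192.0.2.100 tcp eq 443

policy-map type loadbalance first-match APP-LB
  class class-default
    serverfarm APP-FARM

policy-map multi-match CLIENT-VIPS
  class APP-VIP
    loadbalance vip inservice
    loadbalance policy APP-LB
    ! source NAT: rewrite the client source to nat-pool 1 on VLAN 100
    nat dynamic 1 vlan 100

interface vlan 100
  ip address 192.0.2.5 255.255.255.0
  access-group input ANYONE
  nat-pool 1 192.0.2.200 192.0.2.200 netmask 255.255.255.0 pat
  service-policy input CLIENT-VIPS
  no shutdown

! servers are reached only through the internal firewall; no ACE leg in the secure zone
ip route 10.20.0.0 255.255.255.0 192.0.2.254
ip route 0.0.0.0 0.0.0.0 192.0.2.1
```

With this layout the internal firewall only needs to permit 192.0.2.200 to the two application servers on tcp/443, and server replies go back to 192.0.2.200 through the same firewall, so both directions are inspected. The servers log the NAT address rather than the original client address.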