03-22-2005 09:36 AM
CSM Config below. Configured FTP 4 redundancy. Is there a way 2 tie PRIMARYOUTBOUND SF/VS probes 2 FTPOUT SF/VS so I don't have 2 send additional pings 2 remote side. Current setup requires each new SF/VS pair 2 send pings 2 remote side - Doesn't seem scalable.
R-----R
| |
CSM---CSM
| |
FW FW (Both firewalls are used simultaneously)
| |
CSM---CSM
| |
R-----R
module CSM 4
ft group 2 vlan 167
priority 110
preempt
!
vlan 160 client
ip address 192.168.200.165 255.255.255.240
route x.x.x.x x.x.x.0 gateway 192.168.200.161
route x.x.x.x x.x.x.0 gateway 192.168.200.161
route x.x.x.x x.x.x.0 gateway 192.168.200.161
alias 192.168.200.166 255.255.255.240
!
vlan 161 server
ip address 192.168.200.10 255.255.255.240
alias 192.168.200.12 255.255.255.240
!
probe OUT-SRV-ALIAS icmp
address 192.168.252.65
interval 5
failed 10
!
probe FWOS-[R]-CLIENT icmp
address 192.168.252.51
interval 5
failed 10
!
real B12-GEFW1-DMZ
address 192.168.200.8
inservice
real FW-GEFW1-DMZ
address 192.168.200.9
inservice
!
serverfarm BACKUP-FTPOUT
no nat server
no nat client
predictor hash address source
failaction purge
real name B12-GEFW1-DMZ
inservice
probe OUT-SRV-ALIAS
!
serverfarm BACKUP-OUTBOUND
no nat server
no nat client
predictor hash address source
failaction purge
real name B12-GEFW1-DMZ
inservice
probe OUT-SRV-ALIAS
!
serverfarm FTPOUT
no nat server
no nat client
predictor hash address source
failaction purge
real name B12-GEFW1-DMZ
health probe FWOS-[R]-CLIENT
inservice
real name FW-GEFW1-DMZ
inservice
probe OUT-SRV-ALIAS
!
serverfarm OUTSIDE-TO-NIH
no nat server
no nat client
predictor forward
failaction purge
!
serverfarm PRIMARYOUTBOUND
no nat server
no nat client
predictor hash address source
failaction purge
real name B12-GEFW1-DMZ
health probe FWOS-[R]-CLIENT
inservice
real name FW-GEFW1-DMZ
inservice
probe OUT-SRV-ALIAS
!
serverfarm RETURN-FTP
no nat server
no nat client
predictor forward
failaction purge
!
sticky 20 netmask 255.255.255.255 timeout 300
!
policy HOW-TO-FORWARD
serverfarm PRIMARYOUTBOUND backup BACKUP-OUTBOUND sticky
!
policy FTP
serverfarm FTPOUT backup BACKUP-FTPOUT sticky
!
vserver FTPOUT
virtual 0.0.0.0 0.0.0.0 tcp ftp service ftp
vlan 160
sticky 300 group 20
reverse-sticky 20
replicate csrp sticky
replicate csrp connection
persistent rebalance
slb-policy FTP
inservice
!
vserver NIH-161-VS-A
virtual xxx.xxx.0.0 255.255.0.0 any
vlan 161
serverfarm OUTSIDE-TO-NIH
replicate csrp sticky
replicate csrp connection
persistent rebalance
inservice
!
vserver NIH-TO-OUTSIDE
virtual 0.0.0.0 0.0.0.0 any
vlan 160
replicate csrp sticky
replicate csrp connection
persistent rebalance
slb-policy HOW-TO-FORWARD
inservice
!
vserver RETURN-FTP
virtual 0.0.0.0 0.0.0.0 tcp ftp service ftp
vlan 161
serverfarm RETURN-FTP
replicate csrp sticky
replicate csrp connection
persistent rebalance
inservice
vserver type prot virtual vlan state conns
NIH-161-VS-A SLB any x.x.x.x/16:0 161 OPERAT 27377
NIH-161-VS-B SLB any x.x.x.x/16:0 161 OPERAT 2051
NIH-161-VS-C SLB any x.x.x.x/16:0 161 OPERAT 1986
NIH-161-VS-D SLB any x.x.x.x/18:0 161 OPERAT 108
NIH-TO-OUTSIDE SLB any 0.0.0.0/0:0 160 OPERAT 57919
FTPOUT SLB TCP 0.0.0.0/0:21 160 OPERAT 79
RETURN-FTP SLB TCP 0.0.0.0/0:21 161 OPERAT 0
show mod csm 4 policy
policy: HOW-TO-FORWARD
serverfarm: PRIMARYOUTBOUND
backup serverfarm: BACKUP-OUTBOUND (sticky)
policy: FTP
serverfarm: FTPOUT
backup serverfarm: BACKUP-FTPOUT (sticky)
03-28-2005 11:27 AM
As far as I know, this cannot be done.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: