07-15-2009 03:15 AM
Let's suppose I have 2 web servers load balanced on a CSS with a configured service on port 443. Is there a way to drop all requests that are not for port 443? Or do I need to put the CSS behind a firewall to achieve this?
07-15-2009 03:26 AM
You can use an ACL to accomplish this:
VIP: 10.0.0.1
protocol: 443
client-side VLAN: 10
acl 1
clause 10 permit any any destination 10.0.0.1 eq 443
clause 20 deny any any destination 10.0.0.1
clause 30 permit any any destination any
apply circuit-VLAN10
This will
- allow 443 to the VIP from any source
- deny all the rest to the VIP
- allow any other traffic
- apply the ACL to the circuit VLAN10
Don't forget to globally enable ACLs:
acl enable
HTH,
Dario
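The clause ordering described in the answer above, modelled as an added example (it is not part of the original post and is not CSS code). It assumes clauses are checked in clause-number order with the first match deciding, and that traffic matching no clause is denied; the Packet fields and sample traffic are constructed for illustration.

```python
from collections import namedtuple

# Constructed model: only destination address and port matter for this ACL.
Packet = namedtuple("Packet", "src dst dport")
Clause = namedtuple("Clause", "number action dst dport")  # None means "any"

VIP = "10.0.0.1"

# acl 1 exactly as given in the answer.
ACL_1 = [
    Clause(10, "permit", VIP, 443),
    Clause(20, "deny", VIP, None),
    Clause(30, "permit", None, None),
]

# Same clauses, but the deny for the VIP is numbered ahead of the permit.
ACL_MISORDERED = [
    Clause(5, "deny", VIP, None),
    Clause(10, "permit", VIP, 443),
    Clause(30, "permit", None, None),
]

def evaluate(acl, pkt):
    """Return (action, clause number) of the first clause that matches pkt."""
    for c in sorted(acl, key=lambda c: c.number):
        if c.dst not in (None, pkt.dst):
            continue
        if c.dport not in (None, pkt.dport):
            continue
        return c.action, c.number
    return "deny", None  # assumption: unmatched traffic is dropped

def audit(acl, packets):
    """Evaluate every packet and return (packet, action, clause) rows."""
    return [(p,) + evaluate(acl, p) for p in packets]

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Packet("198.51.100.7", VIP, 443),        # HTTPS to the VIP
    Packet("198.51.100.7", VIP, 80),         # HTTP to the VIP
    Packet("198.51.100.7", VIP, 22),         # SSH to the VIP
    Packet("198.51.100.7", "10.0.0.20", 22), # traffic not addressed to the VIP
]

if __name__ == "__main__":
    for name, acl in (("acl 1", ACL_1), ("misordered", ACL_MISORDERED)):
        for pkt, action, clause in audit(acl, SAMPLE):
            print(f"{name:10} {pkt.dst}:{pkt.dport:<4} -> {action} (clause {clause})")
```

With the misordered list, port 443 to the VIP is denied by the earlier clause, which is why the permit for 443 has to carry the lowest clause number.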