We are trying to figure out if it is possible to port forward traffic from the Internet to a CSS content rule and have it load balance across a set of services without a default gateway.
Here is what we have:
(Port forward SMTP from public IP to private IP VIP address on CSS)
| Internal Network A
| Internal Network B
| SMTP VIP on Internal Network C
Because the source IP is a public IP, we seem to only be able to make this work by configuring a global IP route of 0.0.0.0 0.0.0.0 to the Internal Network B IP on FirewallA.
Although it does work, we want to add another FirewallB for just HTTP traffic to be port forwarded to a different VIP; i.e. we want SMTP traffic through one firewall, and HTTP traffic through a different one. Now I have two paths to maintain a session. Can the CSS support this type of configuration? Is there a better way? (We tried firewall load balancing the first time around, but were unable to get it to allow different protocols to go through different firewalls.)
You can configure 2 default routes on the CSS; it will select the appropriate one automatically based on where the request came from.
So, if your HTTP traffic comes in from firewall-B, the CSS will send the response to firewall-B.