CSS11506 Reverse Proxy

Unanswered Question

Currently CSS terminates SSL connections for 2 backend web servers. Do these web servers need to be physically connected the CSS switch module ? Or can I move them to another segment of the network ?

Right now the reverse proxy function stops working if I move those web servers off the switch module of the CSS



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Syed Iftekhar Ahmed Fri, 05/11/2007 - 10:00
User Badges:
  • Blue, 1500 points or more

if the CSS is on another segment

different than the servers and there is a firewall in between then you must allow the keepalives to traverse through the firewall between the CSS and the servers. In case of either a router/firewall between two segments ,you need to make sure that return traffic doesnt bypass CSS.You can achieve this by using source natting.


Okay, well right now my CSS and the web servers are on the same segment. I'll get this working first before I move them across the firewall interface. Is there any special config I need to do on the CSS in order to get the connections working on the same segment but off the switch nodule of the CSS ?


This Discussion