I have two CSS devices, one set up at HQ and the other in DR.
Both are outside our Firewalls in one armed config mode.
Normal operation has HQ interenet intact and Web requests go to HQ servers, if HQ servers are down, the HQ CSS directs to DR through internal network.
If we loose HQ internet, the reverse happens from DR.
All of this is working as expected, but the source NAT from CSS using "destination service" is causing us problems and we need to get away from it.
The Firewalls will have to see the source IP addresses of the clients.
I am wondering if I were to move to the Global Server Load Balancing using DNS will solve this problem?
If the CSS stays where it is and is resolving names to the servers for the client, and the address is a NATed address on the Firewall, I should be ok as far as the servers seeing the source address of the request correct?