I need loadbalance (LB) two Ironport ESA appliances.
The issue has two sides:
1. LB SMTP traffic
- SMTP communication is based only on one TCP connection. That mean, I don't need sticky session at the LB device.
2. LB access to quarantine
- this is HTTP(s) communication and it's needed sticky session for client at the LB device. My question is:
2.1 when I use SSL termination at Ironport device, sticky is based only at L3 (source IP).
2.2 but, when I use SSL termination on LB device (background communication to ESA is irrelevant) ESA box generate two cookies: 'sid' and 'euq_authenticated' that can I use for sticky session. My question is, which one can I use? 'sid' is generated after first access to ESA device (login prompt). 'euq_authenticated) is generated after login process.
I'm very familiar with LB technologie. I need explain only question 2.2.