07-15-2009 03:15 AM
Let's suppose I have 2 web servers load balanced on a CSS with a configured service on port 443. Is there a way to drop all requests that are not for port 443? Or do I need to put the CSS behind a firewall to achieve this?
07-15-2009 03:26 AM
You can use an ACL to accomplish this:
VIP: 10.0.0.1
protocol: 443
client-side VLAN: 10
acl 1
clause 10 permit any any destination 10.0.0.1 eq 443
clause 20 deny any any destination 10.0.0.1
clause 30 permit any any destination any
apply circuit-VLAN10
This will
- allow 443 to the VIP from any source
- deny all the rest to the VIP
- allow any other traffic
- apply the ACL to the circuit VLAN10
Don't forget to globally enable ACLs:
acl enable
HTH,
Dario
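A small Python model of how the ACL in the answer above treats traffic, added here as an illustration; it is not part of the original post and is not Cisco's implementation. It assumes clauses are checked in clause-number order, that the first match decides, and that a packet matching no clause is denied; the test flows and the two variant ACLs are constructed.

```python
import ipaddress

# The ACL from the answer, as (clause number, action, destination, port).
# None means "any". Source and protocol are "any" in every clause, so omitted.
ACL_1 = [
    (10, "permit", "10.0.0.1", 443),
    (20, "deny", "10.0.0.1", None),
    (30, "permit", None, None),
]
# Constructed variants: clause 30 left out, and the two VIP clauses swapped.
WITHOUT_30 = ACL_1[:2]
MISORDERED = [
    (10, "deny", "10.0.0.1", None),
    (20, "permit", "10.0.0.1", 443),
    (30, "permit", None, None),
]
# Constructed test flows: (description, destination IP, destination port).
FLOWS = [
    ("HTTPS to VIP", "10.0.0.1", 443),
    ("HTTP to VIP", "10.0.0.1", 80),
    ("SSH to VIP", "10.0.0.1", 22),
    ("HTTPS to another host", "10.0.0.50", 443),
]

def evaluate(acl, dst_ip, dst_port):
    """Return (clause number, action) of the first clause matching the packet.

    Assumption: ascending clause order, first match wins, no match = deny.
    """
    dst = ipaddress.ip_address(dst_ip)
    for number, action, clause_dst, clause_port in sorted(acl, key=lambda c: c[0]):
        if clause_dst is not None and ipaddress.ip_address(clause_dst) != dst:
            continue
        if clause_port is not None and clause_port != dst_port:
            continue
        return number, action
    return None, "deny"

def audit(acl):
    """Evaluate every constructed flow against the given ACL."""
    return {desc: evaluate(acl, ip, port) for desc, ip, port in FLOWS}

if __name__ == "__main__":
    for name, acl in (("acl 1", ACL_1), ("without clause 30", WITHOUT_30),
                      ("clauses 10/20 swapped", MISORDERED)):
        print(name)
        for desc, (number, action) in audit(acl).items():
            print(f"  {desc:24} -> {action} (clause {number})")
```

Under these assumptions the model shows two things to check before applying such an ACL: without clause 30, traffic to anything other than the VIP is dropped, and if the deny clause is numbered ahead of the permit, port 443 to the VIP is blocked as well.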