03-05-2007 01:09 PM
We are trying to figure out if it is possible to port forward traffic from the Internet to a CSS content rule and have it load balance across a set of services with-out a default gateway.
Here is what we have:
Internet
|
|
RouterA
(Port forward SMTP from public IP to private IP VIP address on CCS)
|
| Internal Network A
|
FirewallA
|
| Internal Network B
|
11503CSS
|
| SMTP VIP on Internal Network C
|
+SMTPServiceA
|
+SMTPServiceB
Because the source IP is a public IP, we seem to only be able to make this work by configuring a global IP route of 0.0.0.0 0.0.0.0 to the Internal Network B IP on FirewallA.
Although it does work, we want to add another FirewallB for just HTTP traffic to be port forwarded to a different VIP; i.e. we want SMTP traffic through one firewall, and HTTP traffic through a different one. Now I have two paths to maintain a session. Can the CSS support this type of configuration? Is there a better way (we tried firewall load balancing the first time around, but were unable to get it to allow different protocols to go through different firewalls.)
Thanks!
- John
Solved! Go to Solution.
03-06-2007 12:27 AM
you can configure 2 defaut routes on the css, it will select the appropriate one automatically based on where the request came from.
So, if your HTTP traffic comes in from firewall-B, the CSS will send the response to firewall-B.
Gilles.
03-06-2007 12:27 AM
you can configure 2 defaut routes on the css, it will select the appropriate one automatically based on where the request came from.
So, if your HTTP traffic comes in from firewall-B, the CSS will send the response to firewall-B.
Gilles.
03-06-2007 11:01 AM
Gilles,
Wow, that works! However, I don't understand how or why it works. Seems like there are now two paths to the same network.
On a related note, with multiple default gateways on the CSS, how could I direct all outbound traffic that originates from the servers to a single default gateway? Does the CSS just round robin outbound traffic accross equal cost paths?
Thank you for your help.
- John
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: