I need to load balance HTTP and SSL traffic through proxy-based firewalls (Gauntlet) to a server farm. I've been told I can't use the usual paths through the firewalls but need to load balance the firewalls as if they were servers, which would then proxy the session to the internal content switch, which will load balance to the servers.
Any ideas if this will work or how to do it? I need to keep the SSL sessions sticky as well.
When traffic goes through a group of firewalls, the reverse path must include the same firewall as the original path. Each of the Firewall load balancing switches can choose the same firewall for the reverse traffic that the other load-balancing switch chose for the original traffic.
The following link discusses this and I guess it will help solve your problem.
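The same-firewall requirement described in the reply above, as an added example that is not part of the original thread. It assumes the firewalls forward packets without rewriting addresses, and the hash shown is illustrative, not the CSS's own selection algorithm; firewall names and IP addresses are constructed.

```python
import hashlib
import ipaddress

# Constructed firewall group; both load-balancing switches must be
# configured with the same list in the same order.
FIREWALLS = ["fw-a", "fw-b", "fw-c"]


def _bucket(key: bytes, n: int) -> int:
    """Map a key to a stable index in range(n)."""
    return int.from_bytes(hashlib.sha256(key).digest()[:8], "big") % n


def pick_symmetric(src: str, dst: str, firewalls=FIREWALLS) -> str:
    """Order-independent choice: (src, dst) and (dst, src) give the same firewall."""
    low, high = sorted(ipaddress.ip_address(x).packed for x in (src, dst))
    return firewalls[_bucket(low + high, len(firewalls))]


def pick_directional(src: str, dst: str, firewalls=FIREWALLS) -> str:
    """Order-dependent choice: the reverse packet may hash to another firewall."""
    key = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    return firewalls[_bucket(key, len(firewalls))]


def asymmetric_flows(flows, picker):
    """Return flows whose forward and reverse packets land on different firewalls."""
    return [(c, s) for c, s in flows if picker(c, s) != picker(s, c)]


# Constructed sample: 40 clients talking to one server address.
FLOWS = [(f"198.51.100.{i}", "203.0.113.10") for i in range(1, 41)]

if __name__ == "__main__":
    for name, picker in (("symmetric", pick_symmetric),
                         ("directional", pick_directional)):
        broken = asymmetric_flows(FLOWS, picker)
        print(f"{name}: {len(broken)} of {len(FLOWS)} flows return "
              f"through a different firewall")
```

A stateful firewall drops return packets for a session it never saw, so every flow counted under the directional picker would break.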
Thanks Gilles, I'll have some test gear to try this out in the next few days. By proxy, I mean the firewall terminates the user's session and starts a new session to the server on the inside, so there are 2 parts to a user's end-to-end session.
I'm using two CSS11506s; the external one will have a config like you mention here, and the firewalls will send the sessions to the VIP address of the internal CSS11506, which will load balance between the servers.
I have been told that I need to have an SSL accelerator in order to guarantee sticky SSL sessions and that it needs to be in the external CSS, any comments on that?