Filter
Top Products
Web OS 10.0 Application Guide
Chapter 13: Firewall Load Balancing
321
212777-A, February 2002
8. Create a filter to allow local subnet traffic on the dirty side of the firewalls to reach the
firewall interfaces.
9. Create the FWLB redirection filter.
This filter will redirect inbound traffic, load balancing it among the defined real servers in the
group. In this network, the real servers represent IP interfaces on the clean-side Web switch.
10. Add filters to the ingress port.
11. Define static routes to the clean-side IP interfaces, using the firewalls as gateways.
One static route is required for each firewall path being load balanced. In this case, two paths
are required: one that leads to clean-side IF 2 (10.1.3.1) through the first firewall (10.1.1.10) as
its gateway, and one that leads to clean-side IF 3 (10.1.4.1) through the second firewall
(10.1.2.10) as its gateway.
12. Apply and save the configuration changes.
>> Layer 4# /cfg/slb/filt 10 (Select filter 10)
>> Filter 10# sip any (From any source IP address)
>> Filter 10# dip 192.16.12.0 (To this destination IP address)
>> Filter 10# action allow (Allow frames with this DIP address)
>> Filter 10# ena (Enable filter)
>> Filter 10# ../filt 15 (Select filter 15)
>> Filter 15# sip any (From any source IP address)
>> Filter 15# dip any (To any destination IP address)
>> Filter 15# proto any (For any protocol)
>> Filter 15# action redir (Perform redirection)
>> Filter 15# group 1 (To real server group 1)
>> Filter 15# ena (Enable the filter)
>> Filter 15# ../port 1 (Select the ingress port)
>> SLB Port 1# add 10 (Add the filter to the ingress port)
>> SLB Port 1# add 15 (Add the filter to the ingress port)
>> SLB Port 1# filt ena (Enable filtering on the port)
>> SLB Port 5# /cfg/ip/route
>> IP Static Route# add 10.1.3.1 255.255.255.255 10.1.1.10
>> IP Static Route# add 10.1.4.1 255.255.255.255 10.1.2.10
>> # apply
>> # save