Nortel Networks 212777 Network Router User Manual


 
Web OS 10.0 Application Guide
Chapter 13: Firewall Load Balancing
212777-A, February 2002
Adding a Demilitarized Zone (DMZ)
Implementing a DMZ in conjunction with firewall load balancing enables the Web switch to
do the traffic filtering, off-loading this task from the firewall. A DMZ is created by configuring
FWLB with another real server group and a redirection filter towards the DMZ subnets.
The DMZ servers can be connected to the Web switch on the dirty side of the firewall. A typical
firewall load balancing configuration with a DMZ is shown in Figure 13-10.
Figure 13-10 Typical Firewall Load-Balancing Topology with DMZ
The DMZ servers can be attached to the Web switch directly or through an intermediate hub or
switch. The Web switch is then configured with filters to permit or deny access to the DMZ
servers. In this manner, two levels of security are implemented: one that restricts access to the
DMZ through the use of Web switch filters, and another that restricts access to the clean
network through the use of stateful inspection performed by the firewalls.
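The two-level policy described above can be modelled as an ordered filter list. The following is an added example, not Web OS configuration syntax and not taken from the manual. The first-match, lowest-number-first evaluation, the filter numbers, the group names and the addresses (RFC 5737 documentation ranges) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing (RFC 5737 documentation range), not from the manual.
DMZ_SUBNET = ipaddress.ip_network("192.0.2.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Filter:
    number: int                   # evaluation order (assumed: lowest first)
    dst: ipaddress.IPv4Network    # destination subnet the filter matches
    dport: Optional[int]          # None matches any destination port
    action: str                   # "redir" or "deny"
    group: Optional[str] = None   # hypothetical real server group for "redir"

# Hypothetical policy for the switch on the dirty side of the firewalls.
FILTERS = [
    Filter(10, DMZ_SUBNET, 80, "redir", "dmz-servers"),   # level 1: permit web
    Filter(20, DMZ_SUBNET, 443, "redir", "dmz-servers"),
    Filter(30, DMZ_SUBNET, None, "deny"),                 # level 1: drop the rest
    Filter(100, ANY, None, "redir", "firewalls"),         # level 2: stateful firewalls
]

def classify(dst_ip, dport, filters=FILTERS):
    """Return (filter number, action, group) of the first matching filter."""
    addr = ipaddress.ip_address(dst_ip)
    for f in sorted(filters, key=lambda f: f.number):
        if addr in f.dst and f.dport in (None, dport):
            return f.number, f.action, f.group
    return None, "deny", None     # model choice: no match means drop

def shadowed(filters=FILTERS):
    """Numbers of filters that can never match because an earlier one covers them."""
    ordered = sorted(filters, key=lambda f: f.number)
    return [f.number for i, f in enumerate(ordered)
            if any(f.dst.subnet_of(e.dst) and e.dport in (None, f.dport)
                   for e in ordered[:i])]

if __name__ == "__main__":
    for dst, port in [("192.0.2.10", 80), ("192.0.2.10", 22), ("203.0.113.5", 22)]:
        print(dst, port, classify(dst, port))
    print("shadowed filters:", shadowed())
```

Running `shadowed()` against a candidate filter list before deployment catches the case where the catch-all firewall redirect is numbered ahead of the DMZ filters, which would leave the DMZ permit and deny rules unreachable.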
[Figure 13-10 labels: Internet, Web Switches, Firewalls, DMZ, Web Switches, Private Network. Note: There can be one or two DMZs.]