Load Balancing Policy Examples
Firebox Vclass User Guide 233
challenge is to evenly distribute each new data request to a
different server, although the requests originally expect
128.100.0.2 to answer.
1 Open the System Configuration dialog box and use
the Route tab to either add a default gateway or
change the existing default gateway to 128.100.0.1.
2 Open the Insert Security Policy dialog box and make
the following entries.
Consider what would happen if the above firewall policy is
the only one implemented. Clients attempting to access
Web servers in the DMZ network will endure long wait
times. The existing Web servers cannot share the total load
of HTTP requests. If one of the Web servers is overloaded
with requests, the other two Web servers will not pick up
the excess requests automatically.
A load balancing policy fixes these problems. Because all
clients use the publicly routable IP address (128.100.0.2),
the Firebox Vclass appliance automatically receives all
such requests and distributes them to the Web servers in
the DMZ net, regardless of what IP addresses each Web
server is assigned.
In this example, the site’s publicly routable IP address will
be assigned to the appliance’s Public interface. The result-
ing load balancing policy will distribute HTTP requests to
each of the Web servers in turn:
1 Reopen the firewall policy.
2 Change the Destination to 128.100.0.2.
3 Click the New button to the right of the NAT/LB
Action drop-down list.
4 When the New NAT Action dialog box appears, enter
a name for the new action, such as
Web-load.
5 From the NAT Type drop-down list, select Virtual IP.
Name Source Destination Srvc Incoming Firewall
Allow_HTTP ANY 127.10.10.0 HTTP 1 Pass
To Next Page
Loading...
