This is a common configuration for a resilient server infrastructure.
Of course, it is sensible to run resilient pairs for both the front end
firewalls, and the load balancers since you are investing in resilience.
You probably want to put the firewalls in front of the load balancers,
unless you want to perform fully load balanced firewalling with
something like a BigIP sandwich for example.
It is a simple enough configuration from a firewall rulebase perspective;
the load balancers could be as simple or as complex as the site demands.
I would recommend BigIPs from my own experience with Load Balancers.
Jag
-----Original Message-----
From: Figaro, Nicolas [mailto:nfigaro AT CDCIXIS-CM DOT COM]
Sent: 25 February 2004 09:27
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] Using a load balancing equipment with firewall1
Hi,
I'd like to use load balancing equipment (like Cisco CSS) in front of
web servers.
The goal is to have the load balancing capability and isolate the web
servers' LAN,
to prevent someone who takes control of one server from spreading a virus
inside my network.
The config could be:
Load balancing -> firewall -> web servers
Firewall -> load balancing -> web servers
I can't use the logical server functionality of Check Point, because
most servers use HTTPS.
Has anyone ever done this?
What are the hints?
Thanks
Nicolas Figaro
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
Jag Bains
Network Security Engineer
Boxing Orange Ltd
t: 0871 871 2774
f: 0871 871 0068
Jag.Bains AT boxingorange DOT com
http://www.boxingorange.com/