Nortel Networks WEB OS 212777 User Manual

Web OS 10.0 Application Guide

Chapter 13: Firewall Load Balancing

n

325

212777-A, February 2002

15.

Add the filters to the ingress ports for the outbound packets.

Redirection filters are needed on all the ingress ports on the clean-side Web switch. Ingress
ports are any that attach to real servers or internal clients on the clean-side of the network. In
this case, two real servers are attached to the clean-side Web switch on port 4 and port 5.

16.

Define static routes to the dirty-side IP interfaces, using the firewalls as gateways.

One static route is required for each firewall path being load balanced. In this case, two paths
are required: one that leads to dirty-side IF 2 (10.1.1.1) through the first firewall (10.1.3.10) as
its gateway, and one that leads to dirty-side IF 3 (10.1.2.1) through the second firewall
(10.1.4.10) as its gateway.

N

OTE

–

Configuring static routes for FWLB does not require IP forwarding to be turned on.

17.

Apply and save the configuration changes.

>> Filter 15# ../port 4

(Select ingress port 4)

>> SLB Port 4# add 10

(Add the filter to the ingress port)

>> SLB Port 4# add 15

(Add the filter to the ingress port)

>> SLB Port 4# filt ena

(Enable filtering on the port)

>> SLB Port 4# ../port 5

(Select ingress port 5)

>> SLB Port 5# add 10

(Add the filter to the ingress port)

>> SLB Port 5# add 15

(Add the filter to the ingress port)

>> SLB Port 5# filt ena

(Enable filtering on the port)

>> SLB Port 5# /cfg/ip/route

>> IP Static Route# add 10.1.1.1 255.255.255.255 10.1.3.10

>> IP Static Route# add 10.1.2.1 255.255.255.255 10.1.4.10

>> # apply

>> # save