Configuring the WSM using Device Manager

Configuring FWLB on the private-side of the WSM network

To configure the private-side network in the basic FWLB example:

  1. Configure VLANs on WSM-2 (private-side network) using the settings in the following table. For more information, see Configuring a VLAN.

    | Field in Device Manager | Setting for WSM-2 |
    |---|---|
    | VLAN | 13 |
    | Name | FWLB |
    | State | Enabled |
    | Ports | 7, 8 |
    | VLAN | 14 |
    | Name | FWLB |
    | State | Enabled |
    | Ports | 5, 6 |

  2. On each WSM port for the private-side network, set the default VLAN number that is used to forward frames that are not VLAN tagged. Use the settings in the following table. For more information, see Setting port parameters.

    | Port | Field in Device Manager | Settings for WSM-2 |
    |---|---|---|
    | 5 | Default VLAN | 14 |
    | 6 | Default VLAN | 14 |
    | 7 | Default VLAN | 13 |
    | 8 | Default VLAN | 13 |

  3. Remove the rear-facing ports from default VLANs 1 and 2 of the private-side network. For more information, see Configuring a VLAN.

    | VLAN | Ports to remove |
    |---|---|
    | 1 | 7 and 8 |

  4. Define the private-side IP interfaces using the settings in the following table. For more information, see Manually configuring an IP interface.
  5. Create one private-side IP interface on a different subnet for each firewall being load-balanced.

    | Field in Device Manager | Setting for WSM-2 |
    |---|---|
    | Interface Number | 1 |
    | IP Address | 10.1.2.200 |
    | IP Subnet Mask | 255.255.255.0 |
    | IP Broadcast Address | 10.1.2.255 |
    | VLAN | 14 |
    | State | Enabled |
    | Interface Number | 2 |
    | IP Address | 210.1.2.200 |
    | IP Subnet Mask | 255.255.255.0 |
    | IP Broadcast Address | 210.1.2.255 |
    | State | Enabled |
    | VLAN | 13 |
    | Interface Number | 3 |
    | IP Address | 210.1.20.1 |
    | IP Subnet Mask | 255.255.255.0 |
    | IP Broadcast Address | 210.1.20.255 |
    | State | Enabled |
    | VLAN | 13 |

  6. Create two real servers on the private-side WSM, using the IP address of each public-side IP interface. Use the settings in the following table. For more information, see Configuring each real server.
  7. You should already have configured a public-side IP interface on a different subnet for each firewall path being load-balanced.  

    | Field in Device Manager | Setting for WSM-2 |
    |---|---|
    | Real Server | 1 |
    | IP Address | 192.168.10.1 |
    | State | Enabled |
    | Name | FWLB Server |
    | Real Server | 200 |
    | IP Address | 192.168.1.200 |
    | State | Enabled |
    | Name | FWLB Server |

  8. Place the real servers (public-side IP interfaces) into a real server group using the settings in the following table. For more information, see Configuring a real server group.

    Note: The private-side WSM must use the same metric defined on the public side.

    | Field in Device Manager | Setting for WSM-2 |
    |---|---|
    | Group | 1 |
    | Name | FWLB Group |
    | Metric | hash |
    | Health Check | icmp |
    | Real Servers | 1 and 200 |

  9. Configure client processing on ports 7 and 8, which are connected to the private side of the firewalls. For more information, see Configuring ports for server load balancing.

    | Port | Field in Device Manager | Setting for WSM-2 |
    |---|---|---|
    | 7 | Load Balanced State | client |
    | 8 | Load Balanced State | client |

  10. Configure the real servers to which traffic will be load-balanced. These are the actual servers on the network. Use the settings in the following table. For more information, see Configuring each real server.

    | Field in Device Manager | Setting for WSM-2 |
    |---|---|
    | Real Server | 222 |
    | IP Address | 10.1.2.222 |
    | State | Enabled |
    | Name | FWLB Server |
    | Real Server | 223 |
    | IP Address | 10.1.2.223 |
    | State | Enabled |
    | Name | FWLB Server |

  11. Place the real servers into a real server group using the settings in the following table. For more information, see Configuring a real server group.

    | Field in Device Manager | Setting for WSM-2 |
    |---|---|
    | Group | 200 |
    | Name | FWLB Group |
    | Metric | hash |
    | Health Check | icmp |
    | Real Servers | 222 and 223 |

  12. Configure the virtual server that will load balance the real servers using the settings in the following table. For more information, see Configuring a virtual server and Configuring services for a virtual server.

    | Field in Device Manager | Setting for WSM-2 |
    |---|---|
    | Virtual Server | 100 |
    | IP Address | 10.1.2.100 |
    | State | Enabled |
    | Virtual Service | [1 - 8] |
    | Real Group | 200 |

  13. Configure ports 5 and 6, which are connected to the real servers, for server processing using the settings in the following table. For more information, see Configuring ports for server load balancing.

    | Port | Field in Device Manager | Setting for WSM-2 |
    |---|---|---|
    | 5 | Load Balanced State | server |
    | 6 | Load Balanced State | server |

  14. Enable server load balancing on the WSM. For more information, see Enabling or disabling server load balancing.
  15. Create a filter to prevent server-to-server traffic from being redirected. Use the settings in the following table. For more information, see Creating a new filter.

    | Field in Device Manager | Setting for WSM-2 |
    |---|---|
    | Index | 50 |
    | Name | FWLB |
    | Filter | Enabled |
    | Action | Allow |
    | Source IP Address | Any |
    | Destination IP Address | 10.1.2.0 |
    | Destination IP Mask | 255.255.255.0 |

  16. Create the redirection filter for the private-side network using the settings in the following table. For more information, see Creating a new filter.
  17. This filter will redirect outbound traffic, load-balancing it among the defined real servers in the group. In this case, the real servers represent IP interfaces on the public-side WSM.

    | Field in Device Manager | Setting for WSM-2 |
    |---|---|
    | Index | 100 |
    | Name | FWLB Redirect |
    | Filter | Enabled |
    | Action | Redirect |
    | Source IP Address | Any |
    | Destination IP Address | Any |
    | Proto | Any |
    | Redirection Group | 1 |

  18. Add the filters to the ingress ports for the outbound packets using the settings in the following table. For more information, see Enabling or disabling filtering on a port and Applying filters to a port.
  19. Redirection filters are needed on all the ingress ports on the private-side WSM. Ingress ports attach to real servers or internal clients on the private-side of the network. In this case, two real servers are attached to the private-side WSM on rear-facing ports 5 and 6.  

    | Field in Device Manager | Setting for WSM-2 |
    |---|---|
    | Port | 5 |
    | Filtering | Enabled |
    | Filters Applied | 50 and 100 |
    | Port | 6 |
    | Filtering | Enabled |
    | Filters Applied | 50 and 100 |

  20. Define static routes to the public-side IP interfaces, using the firewalls as gateways. Use the settings in the following table. For more information, see Configuring static routes.
  21. One static route is required for each firewall path being load balanced. In this case, two paths are required: Interface 2, which leads to public-side IF 2 (192.168.1.200) through the first firewall (210.1.2.10) as its gateway, and Interface 3, which leads to public-side IF 3 (192.168.10.1) through the second firewall (210.1.20.20) as its gateway.

    | Field in Device Manager | Setting for WSM-2 |
    |---|---|
    | Static Route | [1 - 128] |
    | Destination IP Address | 192.168.1.200 |
    | IP Subnet Mask | 255.255.255.255 |
    | Gateway IP Address | 210.1.2.10 |
    | IP Interface | 2 |
    | Static Route | [1 - 128] |
    | Destination IP Address | 192.168.10.1 |
    | IP Subnet Mask | 255.255.255.255 |
    | Gateway IP Address | 210.1.20.20 |
    | IP Interface | 3 |

    Note: Configuring static routes for FWLB does not require that IP forwarding be turned on.
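
An added consistency check for the private-side values in this procedure (not part of the original guide and not vendor tooling): it confirms that each interface's broadcast address matches its mask, that each static-route gateway sits on the subnet of the IP interface it is bound to, and that every real server in FWLB group 1 has its own route. The data layout and the `check_fwlb` name are assumptions made for this example; the addresses are copied from the tables above.

```python
import ipaddress

# Values copied from the WSM-2 tables on this page; the layout is an assumption.
INTERFACES = {  # number: (IP address, subnet mask, broadcast address)
    1: ("10.1.2.200", "255.255.255.0", "10.1.2.255"),
    2: ("210.1.2.200", "255.255.255.0", "210.1.2.255"),
    3: ("210.1.20.1", "255.255.255.0", "210.1.20.255"),
}
FWLB_REAL_SERVERS = {1: "192.168.10.1", 200: "192.168.1.200"}  # group 1
STATIC_ROUTES = [  # (destination, mask, gateway, IP interface)
    ("192.168.1.200", "255.255.255.255", "210.1.2.10", 2),
    ("192.168.10.1", "255.255.255.255", "210.1.20.20", 3),
]

def check_fwlb(interfaces, real_servers, routes):
    """Return a list of consistency problems; an empty list means none found."""
    problems, nets, routed = [], {}, set()
    for num, (addr, mask, bcast) in interfaces.items():
        net = ipaddress.ip_interface(f"{addr}/{mask}").network
        nets[num] = net
        if str(net.broadcast_address) != bcast:
            problems.append(f"interface {num}: broadcast {bcast} does not fit {net}")
    for dest, mask, gw, ifnum in routes:
        routed.add(dest)
        # The page's routes are host routes to the public-side interfaces.
        if mask != "255.255.255.255":
            problems.append(f"route {dest}: mask {mask} is not a host route")
        if ifnum not in nets:
            problems.append(f"route {dest}: IP interface {ifnum} is not defined")
        elif ipaddress.ip_address(gw) not in nets[ifnum]:
            problems.append(
                f"route {dest}: gateway {gw} is not on interface {ifnum} ({nets[ifnum]})")
    # One static route per firewall path: every real server in the redirection
    # group needs a route, and each route must use its own IP interface.
    for num, addr in real_servers.items():
        if addr not in routed:
            problems.append(f"real server {num} ({addr}) has no static route")
    used = [r[3] for r in routes]
    if len(used) != len(set(used)):
        problems.append("two static routes share one IP interface")
    return problems

if __name__ == "__main__":
    found = check_fwlb(INTERFACES, FWLB_REAL_SERVERS, STATIC_ROUTES)
    for line in found or ["no problems found"]:
        print(line)
```
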
