| Configuring the WSM using Device Manager |
A demilitarized zone (DMZ) lets the WSM do the traffic filtering instead of the firewall. A FWLB DMZ is created by adding another real server group and a redirection filter toward the DMZ subnets. The DMZ servers can be connected to the WSM on the public side of the firewall. The following figure shows a typical firewall load balancing configuration with a DMZ.
The DMZ servers can be attached to the WSM directly or through an intermediate hub or switch. The WSM is then configured with filters to permit or deny access to the DMZ servers. In this manner, two levels of security are implemented: one that restricts access to the DMZ through the use of WSM filters, and another that restricts access to the private-side network through the use of stateful inspection performed by the firewalls.
See also: