Configuring the WSM using Device Manager # Go back one pageGo to the next page#Go to this book's Index

Configuring FWLB on the public-side of the WSM network

To configure the public-side network in the basic FWLB example:

  1. Configure VLANs on public-side WSM-1 using the settings in the following table. For more information, see Configuring a VLAN.

    Field in Device Manager Setting for WSM-1
    VLAN
    11
    Name
    FWLB
    State
    Enabled
    Ports
    7, 8
    VLAN
    12
    Name
    FWLB
    State
    Enabled
    Ports
    5, 6

  2. On each public-side WSM port, set the default VLAN number which will be used to forward frames which are not VLAN tagged. Use the settings in the following table. For more information, see Setting port parameters.

    Port Field in Device Manager Settings for WSM-1
    5
    Default VLAN
    12
    6
    Default VLAN
    12
    7
    Default VLAN
    11
    8
    Default VLAN
    11

  3. Remove the rear-facing ports from default VLANs 1 and 2.

    VLAN Ports to remove
    1
    7 and 8
    2
    5 and 6

  4. Define IP interfaces for the public-side network using the settings in the following table. For more information see, See "Manually configuring an IP interface" on page 173.
  5. There must be an IP interface for general WSM management (IF1), in addition to a public-side IP interface for each firewall path being load balanced (IF2 and IF3).

    Field in Device Manager Setting for WSM-1
    Interface Number
    1
    IP Address
    172.21.8.200
    IP Subnet Mask
    255.255.255.0
    IP Broadcast Address
    172.21.8.255
    VLAN
    12
    State
    Enabled
    Interface Number
    2
    IP Address
    192.168.1.200
    IP Subnet Mask
    255.255.255.0
    IP Broadcast Address
    192.168.1.255
    State
    Enabled
    VLAN
    11
    Interface Number
    3
    IP Address
    192.168.10.1
    IP Subnet Mask
    255.255.255.0
    IP Broadcast Address
    192.168.10.255
    State
    Enabled
    VLAN
    11

  6. Enable SLB on WSM-1 for the public-side network. For more information, see Enabling or disabling server load balancing.
  7. On the public-side WSM, create two real servers using the IP address of each private-side FWLB IP interface. Use the settings in the following table. For more information, see Configuring each real server.
  8. Later in this procedure, you'll configure one private-side IP interface on a different subnet for each firewall path being load balanced.

    Note Note: Each of the four IFs used for FWLB (two on each WSM) in this example must be configured for a different IP subnet.

       

    Field
    in Device Manager
    Setting
    for WSM-1
    Real Server
    200
    IP Address
    210.1.2.200
    State
    Enabled
    Name
    FWLB Server
    Real Server
    1
    IP Address
    210.1.20.1
    State
    Enabled
    Name
    FWLB Server

  9. Place the IP interface real servers into a real server group using the settings in the following table. For more information, see Configuring a real server group.
  10. Using the hash metric, all traffic between specific IP source/destination address pairs flows through the same firewall. This ensures that sessions established by the firewalls are maintained for their duration.

    Note Note: Other load balancing metrics such as least connections, roundrobin, minimum misses, response, and bandwidth can be used by enabling Return to Sender (RTS). For more information, see Configuring basic FWLB with free-metric.


    Field
    in Device Manager
    Setting
    for WSM-1
    Group
    1
    Name
    FWLB Group
    Metric
    hash
    Health Check
    icmp
    Real Servers
    1 and 200

  11. Create a filter to allow local subnet traffic on the public side of the firewalls to reach the firewall interfaces. Use the settings in the following table. For more information, see Creating a new filter.

    Field
    in Device Manager
    Setting
    for WSM-1
    Index
    10
    Name
    FWLB
    Filter
    Enabled
    Action
    Allow
    Source IP Address
    Any
    Destination IP Address
    172.21.8.0
    Destination IP Mask
    255.255.255.0

  12. Create the FWLB redirection filter, using the settings in the following table. For more information, see Creating a new filter.
  13. This filter redirects all inbound traffic, and load balances it among the defined real servers in the group. In this network, the real servers in group 1 represent IP interfaces on the private-side WSM.

    Field
    in Device Manager
    Setting
    for WSM-1
    Index
    100
    Name
    FWLB Redirect
    Filter
    Enabled
    Action
    Redirect
    Source IP Address
    any
    Destination IP Address
    any
    Protocol
    any
    Redirection Group
    1

  14. Add filters to the ingress ports using the settings in the following table. For more information, see Enabling or disabling filtering on a port and Applying filters to a port.

    Field
    in Device Manager
    Setting
    for WSM-1
    Port
    5
    Filtering
    Enabled
    Filters Applied
    10 and 100
    Port
    6
    Filtering
    Enabled
    Filters Applied
    10 and 100

  15. Define static routes from the public to the private-side IP interfaces, using the firewalls as gateways. Use the settings in the following table. For more information, see Configuring static routes.

    Field
    in Device Manager
    Setting
    for WSM-1
    Static Route
    [1 - 128]
    Destination IP Address
    210.1.2.200
    IP Subnet Mask
    255.255.255.255
    Gateway IP Address
    192.168.1.10
    IP Interface
    2
    Static Route
    [1 - 128]
    Destination IP Address
    210.1.20.1
    IP Subnet Mask
    255.255.255.255
    Gateway IP Address
    192.168.10.20
    IP Interface
    3

See also:


Go back one pageGo to the next page##Go to this book's Index