| Configuring the WSM using Device Manager |
To configure the private-side network in the basic FWLB example:
|
VLAN
|
13
|
|
Name
|
FWLB
|
|
State
|
Enabled
|
|
Ports
|
7, 8
|
|
VLAN
|
14
|
|
Name
|
FWLB
|
|
State
|
Enabled
|
|
Ports
|
5, 6
|
|
5
|
Default VLAN
|
14
|
|
6
|
Default VLAN
|
14
|
|
7
|
Default VLAN
|
13
|
|
8
|
Default VLAN
|
13
|
|
1
|
7 and 8
|
Create one private-side IP interface on a different subnet for each firewall being load-balanced.
|
You should already have configured a public-side IP interface on a different subnet for each firewall path being load-balanced.
|
|
| Note: The private-side WSM must use the same metric defined on the public side. |
|
Group
|
1
|
|
Name
|
FWLB Group
|
|
Metric
|
hash
|
|
Health Check
|
icmp
|
|
Real Servers
|
1 and 200
|
|
7
|
Load Balanced State
|
client
|
|
8
|
Load Balanced State
|
client
|
|
Real Server
|
222
|
|
IP Address
|
10.1.2.222
|
|
State
|
Enabled
|
|
Name
|
FWLB Server
|
|
Real Server
|
223
|
|
IP Address
|
10.1.2.223
|
|
State
|
Enabled
|
|
Name
|
FWLB Server
|
|
Group
|
200
|
|
Name
|
FWLB Group
|
|
Metric
|
hash
|
|
Health Check
|
icmp
|
|
Real Servers
|
222 and 223
|
|
Virtual Server
|
100
|
|
IP Address
|
10.1.2.100
|
|
State
|
Enabled
|
|
Virtual Service
|
[1 - 8]
|
|
Real Group
|
200
|
|
5
|
Load Balanced State
|
server
|
|
6
|
Load Balanced State
|
server
|
|
Index
|
50
|
|
Name
|
FWLB
|
|
Filter
|
Enabled
|
|
Action
|
Allow
|
|
Source IP Address
|
Any
|
|
Destination IP Address
|
10.1.2.0
|
|
Destination IP Mask
|
255.255.255.0
|
This filter will redirect outbound traffic, load-balancing it among the defined real servers in the group. In this case, the real servers represent IP interfaces on the public-side WSM.
|
Redirection filters are needed on all the ingress ports on the private-side WSM. Ingress ports attach to real servers or internal clients on the private-side of the network. In this case, two real servers are attached to the private-side WSM on rear-facing ports 5 and 6.
|
One static route is required for each firewall path being load balanced. In this case, two paths are required: Interface 2, which leads to public-side IF 2 (192.168.1.200) through the first firewall (210.1.2.10) as its gateway, and Interface 3, which leads to public-side IF 3 (192.168.10.1) through the second firewall (210.1.20.20) as its gateway.
|
See also: