D-Link DFL-800-AV-12 User Manual - Page 285
SLB_SAT Rules, rule would also be used
View all D-Link DFL-800-AV-12 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 285 highlights
10.3.6. SLB_SAT Rules Chapter 10. Traffic Management The key component in setting up SLB is the SLB_SAT rule in the IP rule set. The steps that should be followed are: 1. Define an Object for each server for which SLB is to be done. 2. Define a Group which included all these objects 3. Define an SLB_SAT Rule in the IP rule set which refers to this Group and where all other SLB parameters are defined. 4. Define a further rule that duplicates the source/destination interface/network of the SLB_SAT rule that allows traffic through. The could be one or combination of • ForwardFast • Allow • NAT The table below shows the rules that would be defined for a typical scenario of a set of webservers behind a D-Link Firewall for which the load is being balanced. The ALLOW rule allows external clients to access the webservers. Rule Name Rule Type WEB_SLB SLB_SAT WEB_SLB_ALW ALLOW Src. Interface any any Src. Network all-nets all-nets Dest. Interface core core Dest. Network ip_ext ip_ext If there are clients on the same network as the webservers that also need access to those webservers then an NAT rule would also be used: Rule Name Rule Type WEB_SLB SLB_SAT WEB_SLB_NAT NAT WEB_SLB_ALW ALLOW Src. Interface any lan any Src. Network all-nets lannet all-nets Dest. Interface core core core Dest. Network ip_ext ip_ext ip_ext Note that the destination interface is specified as core, meaning NetDefendOS itself deals with this. The key advantage of having a separate ALLOW rule is that the webservers can log the exact IP address that is generating external requests. Using only a NAT rule, which is possible, means that webservers would see only the IP address of the D-Link Firewall Example 10.3. Setting up SLB In this example server load balancing is to be done between 2 HTTP webservers which are situated behind a D-Link Firewall. The 2 webservers have the private IP addresses 192.168.1.10 and 192.168.1.11 respectively. The default SLB values for monitoring, distribution method and stickiness are used. A NAT rule is used in conjunction with the SLB_SAT rule so that clients behind the firewall can access the webservers. An ALLOW rule is used to allow access by external clients. Web Interface A. Create an Object for each the webservers: 1. Go to Objects > Address Book > Add > IP Address 2. Enter a suitable name, eg. server1 3. Enter the IP Address as 192.168.1.10 285