[f-nsp] (no subject)

John McCabe [Ext. 363] JohnMcCabe at rideau.com
Wed Apr 29 15:57:01 EDT 2009


Yes, this would be the best. I have no issue with the dual NATs; it only increases our security and allows us to fulfill security requirements.

I have another LB running and am using the LLB on that one and have been for a few years.

Thanks for your info.


From: Oliver Adam [mailto:oadam at madao.de]
Sent: April-29-09 3:34 AM
To: John McCabe [Ext. 363]; foundry-nsp at puck.nether.net
Subject: Re: [f-nsp] (no subject)

FWLB relies heavily on FW-paths... I have never seen this working with ServerIrons at one side only - I personally would not go for this. I would go for LLB...

This would imply you are going to do NAT twice... you do need two transfer subnets in between the ServerIron (standalone) and the FWs. One subnet for each FW. The ServerIron needs a physical IP per subnet and it needs a NAT IP per subnet. Configure LLB similar to the config example in the documentation BUT use the FWs as upstream routers instead of the ISP facing routers. The FWs need to do NAT again towards the ISP(s). I would go for a health check checking something in front of the FWs - this helps to verify that the FW is up and running and the device in front of the FW...

Should be straightforward...

R, Oliver


At 21:57 28.04.2009, John McCabe [Ext. 363] wrote:


I know what I would like, I know the diff between link load balance and FWLB.
I want to balance all traffic going out of our network, I want to balance this over our 2 10 meg links.

Each link has its own firewall so I would like to link load balance, but before the firewall, this may be the best way to do it, has anyone tried?
I have multiple LB units I just don't want to set up the whole meshed system in the FWLB scenario. Seems overkill from where I am standing.




john