Specifications
Advanced Deployment Options
3-5
If the appliance is deployed between a router and core switch within the same
network segment, the appliance can directly connect to the router or clients. If a
client issues a request to a server, the appliance receives the client’s outgoing
connection through TCP handshake. Because all devices are in the same segment,
there are no problems relaying packets between network devices. The appliance
passes the request to the router, which forwards it to the intended server.
Deploying in a Network with Multiple Segments
This section discusses deployment in a multiple-segment environment in which the
default gateway of the appliance is a device handling the Internet connection (for
example, a router or firewall).
In figure 3-5 on page 3-7, the appliance and clients belong in different network seg-
ments. The core switch and the appliance belong in one segment using a Class A IP
address. The core switch is the default gateway of the clients. The router is the core
switch and is the default gateway of the appliance.
If the clients and the appliance are on different network segments, the router passes
traffic to the Internet, but the appliance is unable to connect directly to the client. The
packet passes to the default gateway of the appliance, which is the router.
In this topology, the appliance passes the packet to the router. The routing decision
depends on the router. The SYN packet will be returned to the client through the
router and the core switch. (See
figure 3-4 on page 3-6 for an illustration of this prob-
lem.)