Network Router User Manual
Web OS 10.0 Application Guide
320
Chapter 13: Firewall Load Balancing
212777-A, February 2002
3. Configure the clean-side IP interface as if they were real servers on the dirty side.
Later in this procedure, you’ll configure one clean-side IP interface on a different subnet for
each firewall path being load balanced. On the dirty-side Web switch, create two real servers
using the IP address of each clean-side IP interface used for FWLB.
NOTE – Each of the four interfaces used for FWLB (two on each Web switch) in this example
must be configured for a different IP subnet.
4. Place the IP interface real servers into a real server group.
5. Set the health check type for the real server group to ICMP.
6. Set the load-balancing metric for the real server group to hash.
Using the hash metric, all traffic between specific IP source/destination address pairs flows
through the same firewall. This ensures that sessions established by the firewalls are main-
tained for their duration.
NOTE – Other load balancing metrics such as leastconns, roundrobin, minmiss,
response, and bandwidth can be used when enabling the Return to Sender (RTS) option.
For more information, see “Free-Metric FWLB” on page 346.
7. Enable SLB on the switch.
>> IP Interface 3# /cfg/slb/real 1 (Select real server 1)
>> Real server 1# rip 10.1.3.1 (Assign clean-side IF 2 address)
>> Real server 1# ena (Enable real server 1)
>> Real server 1# ../real 2 (Select real server 2)
>> Real server 2# rip 10.1.4.1 (Assign clean-side IF 3 address)
>> Real server 2# ena (Enable real server 1)
>> Real server 2# /cfg/slb/group 1 (Select real server group 1)
>> Real server group 1# add 1 (Add real server 1 to group 1)
>> Real server group 1# add 2 (Add real server 2 to group 1)
>> Real server group 1# health icmp (Select ICMP as health check type)
>> Real server group 1# metric hash (Select SLB hash metric for group 1)
>> Real server group 1# /cfg/slb/on