Scribd Logo
Upload

Welcome to Scribd!

  • OptiqRoute Load Balancer - Transparent Mode With Firewall

    Uploaded by

    Javier Gomez
    83 views13 pages
    A firewall sits behind two internet routers and is accessible from the internet. A load balancer is installed in transparent mode between the firewall and routers. It will balance traffic coming from both routers to servers behind the firewall. The load balancer is configured with WAN IPs, a LAN IP, and DNAT rules to redirect traffic from secondary WAN IPs to the firewall's public IPs, making the firewall accessible on both internet connections.

    Original Description:

    OptiqRoute Series 21xx Load Balancer Transparent Mode With Firewall

    Original Title

    OptiqRoute Load Balancer_Transparent Mode With Firewall

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    A firewall sits behind two internet routers and is accessible from the internet. A load balancer is installed in transparent mode between the firewall and routers. It will balance traffic coming from both routers to servers behind the firewall. The load balancer is configured with WAN IPs, a LAN IP, and DNAT rules to redirect traffic from secondary WAN IPs to the firewall's public IPs, making the firewall accessible on both internet connections.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    83 views13 pages

    OptiqRoute Load Balancer - Transparent Mode With Firewall

    Uploaded by

    Javier Gomez
    A firewall sits behind two internet routers and is accessible from the internet. A load balancer is installed in transparent mode between the firewall and routers. It will balance traffic coming from both routers to servers behind the firewall. The load balancer is configured with WAN IPs, a LAN IP, and DNAT rules to redirect traffic from secondary WAN IPs to the firewall's public IPs, making the firewall accessible on both internet connections.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 13

    OptiQroute Load Balancers

    Transparent Mode Application

    Application
    Description
    Firewall in front of LAN
    Different Servers located
    behind Firewall
    Firewall to be accessible
    from Internet
    Load Balancer to be
    installed in a TRANSPARENT
    MODE between Firewall and
    Internet routers
    Traffic to the Firewall to
    be received thru both
    Internet routers

    Internet
    DSL ROUTER : 200.1.1.254

    T1 ROUTER : 100.1.1.254

    WAN 2 IP : 200.1.1.1/24

    WAN 1 IP : 100.1.1.1/24
    Gateway IP : 100.1.1.254

    WAN1

    WAN2

    Peer IP : 209.73.186.238

    LAN

    LAN IP : 100.1.1.2/24

    WAN IP :
    100.1.1.10
    100.1.1.20
    100.1.1.30
    100.1.1.40

    Gateway IP : 200.1.1.254
    Peer IP : 209.73.186.238

    OptiQroute 2120 RSW

    Firewall
    10.0.0.254

    Web Server

    Email Server

    Citrix Server

    FTP Server

    10.0.0.1

    10.0.0.2

    10.0.0.3

    10.0.0.4

    1 / 13

    OptiQroute Load Balancers


    Transparent Mode Application

    Network
    Diagram

    Internet
    T1 ROUTER : 100.1.1.254

    DSL ROUTER : 200.1.1.254

    WAN 1 IP : 100.1.1.1/24

    WAN 2 IP : 200.1.1.1/24

    Gateway IP : 100.1.1.254
    Peer IP : 209.73.186.238

    Gateway IP : 200.1.1.254

    WAN2

    WAN1

    Peer IP : 209.73.186.238

    LAN

    LAN IP : 100.1.1.2/24

    OptiQroute 2120 RSW


    WAN IP :
    100.1.1.10
    100.1.1.20
    100.1.1.30
    100.1.1.40

    Firewall
    10.0.0.254

    Web Server

    Email Server

    Citrix Server

    FTP Server

    10.0.0.1

    10.0.0.2

    10.0.0.3

    10.0.0.4

    Peer IP = Public IP entered to do constant pings to and determine that live is alive beyond the Internet router

    2 / 13

    OptiQroute Load Balancers


    Transparent Mode Application

    IP
    Table
    Web Server

    Email Server

    Citrix Server

    FTP Server

    Private

    10.0.0.1

    10.0.0.2

    10.0.0.3

    10.0.0.4

    WAN 1

    100.1.1.10

    100.1.1.20

    100.1.1.30

    100.1.1.40

    WAN 2

    200.1.1.10

    200.1.1.20

    200.1.1.30

    200.1.1.40

    3 / 13

    OptiQroute Load Balancers


    Transparent Mode Application

    Mapping Table
    Citrix Server

    Internet
    Internet

    100.1.1.1

    WAN1

    WAN2
    200.1.1.1
    Secondary IP : 200.1.1.30

    Transparent
    LAN

    100.1.1.2

    Citrix: 100.1.1.30

    Firewall

    Traffic arrives directly to Citrix


    on WAN1 thru 100.1.1.30 on a
    transparent mode.
    Citrix can also be reached by
    accessing 200.1.1.30 (secondary
    WAN2 IP). The traffic is rerouted
    with Destination NAT by the Load
    Balancer to 100.1.1.30.

    DNAT
    NAT

    Web Server

    Email Server

    Citrix Server

    FTP Server

    10.0.0.1

    10.0.0.2

    10.0.0.3

    10.0.0.4

    4 / 13

    OptiQroute Load Balancers


    Transparent Mode Application

    Programming of the Load Balancer


    It is done in 4 steps:
    STEP 1 Configuration of WAN Interfaces (slide 6-8)
    We will enter the IP addresses of WAN, Peer IPs, Secondary WAN IPs, bandwidth values and
    enable Proxy ARP.

    STEP 2 Setup LAN Interface (slide 9)


    We will enter the IP address for LAN in the same segment as the WAN and enable Proxy ARP.

    STEP 3 Setup Host in the LAN/Firewall (slide 10)


    We will enter host located behind the Firewall as IP addresses in the LAN side of the balancer.
    At this point, and due to the transparent mode, the Firewall can be reached from the Internet with the
    public IP addresses.

    STEP 4 Setup DNAT Rules (slides 11-12)


    We will enter Destination NAT rules (DNAT) that will forward the traffic received on the second WAN
    interface to the public IP addresses that reside on the Firewall WAN port. Now the Firewall is
    being reached on both sets of public IP addresses.

    5 / 13

    OptiQroute Load Balancers


    Transparent Mode Application

    Programming WAN interfaces : Expand Configuration, Interface and


    WAN
    6 / 13

    OptiQroute Load Balancers


    Transparent Mode Application

    We enable Proxy-ARP to keep for Transparent Mode (need to be done both in WAN and LAN)
    We enter and define the parameters for the WAN interface. IP Address is the load balancer IP
    address with its network mask (/24 = 255.255.255.0). The Gateway IP is the IP of the router in front
    of the load balancer. The Peer IP is a PUBLIC IP that the load balancer uses to do pings to so that we
    can determine the line is alive.

    7 / 13

    OptiQroute Load Balancers


    Transparent Mode Application

    We enter and define additional Peer Ip addresses (if


    the main Peer IP is not working, these extended IPs
    will be used to determine the line is alive). Set up
    also the bandwidth associated to Internet lines.

    We need to define finally the SECONDARY


    IP addresses that will reside on the WAN
    ports. We WILL NOT INCLUDE the IP
    addresses that will be assigned to the
    Firewall WAN port or Internet routers,
    only those IP addresses that will be located
    at the WAN ports.

    8 / 13

    OptiQroute Load Balancers


    Transparent Mode Application

    Under Configuration Interface LAN: we would enter the LAN IP address in the same segment as the WAN IPs and
    we need to enable the Proxy ARP as well.

    9 / 13

    OptiQroute Load Balancers


    Transparent Mode Application

    Under Configuration Router We will enter the hosts/IP addresses that are present in the LAN or WAN. The hosts
    (IP addresses resident in the firewall) need to be entered with a network mask /32.

    10 / 13

    OptiQroute Load Balancers


    Transparent Mode Application

    Finally we need to include Destination NAT Rules under Configuration NAT. These rules will redirect the traffic
    that arrives to the secondary IP addresses on the WAN ports to the IPs terminating in the Firewall. In the slide we
    can see that ALL TRAFFIC ARRIVING TO THE WAN INTERFACE WITH DESTINATION IP 200.1.1.10 (web server
    traffic) NEEDS TO BE DELIVERED TO 100.1.1.10 (IP in the firewall to further route to the web server).

    11 / 13

    OptiQroute Load Balancers


    Transparent Mode Application

    The different NAT / DNAT rules entered to route traffic from the secondary WAN 2 Ips to the public Firewall
    public Ips

    12 / 13

    OptiQroute Load Balancers


    Transparent Mode Application

    Information
    & Support
    Contact:
    www.alvaco.com
    Toll Free: 1-877-641-2109
    Phone: 1-407-574-2017
    Fax:1-407-574-2016
    support@alvaco.com
    info@alvaco.com

    13 / 13

    You might also like