Forum Discussion
scott_h_ryan_82
Nimbostratus
Nimbostratusregarding viirtual server config/design
Here's what I'm trying to do...
Traffic on vlan 100 is dmz traffic. I want that traffic to go through the firewall before talking to servers on vlan 50 (internal). The server gateways are the self IP's. For internal load balancing, trunks were setup to allow the internal network, so the DMZ servers talk directly over those trunks to the internal network instead of traversing a firewall.
I create a wildcard virtual server network 0.0.0.0/0.0.0.0 all ports, all protocols, performancel4... i create a new pool and node, with the node pointing to the interface on the firewall.. say 200.1
Front end VIP addresses are on 192.168.200.x
DMZ servers are 192.168.100.x
Internal VIP addresse are on 192.168.25.x
Internal servers are on 192.168.50.x
So, my question is this.. if a server sends traffic/request to a server in the internal network with this config, will that traffic use the wildcare virtual gateway and force traffic to the firewall, or will it still use the trunk link that is carrying those internal vlans? Do I need to change the wildcare to ipforwarding instead of performancel4?
Need any input quickly so any help is appreciated. thanks.
- JRahm
Admin
The traffic will follow a) the last-hop table (if auto-last-hop is enabled), then b) the routing table. The virtual server settings allow the traffic specified in their configuration to flow, sort of like an access list.
If you want to ensure the DMZ servers hit the firewall, you may need to establish double nats for the internal servers on the firewall.
