This is a common configuration for a resilient server infrastructure. Of course, it is sensible to run resilient pairs for both the front end firewalls, and the load balancers since you are investing in resilience.
You probably want to put the firewalls in front of the load balancers, unless you want to perform fully load balanced firewalling with something like a BigIP sandwich for example. It is a simple enough configuration from firewall rulebase perspective, the load balancers could be as simple or as complex as the site demands. I would recommend BigIPs from my own experience with Load Balancers. Jag -----Original Message----- From: Figaro, Nicolas [mailto:[EMAIL PROTECTED] Sent: 25 February 2004 09:27 To: [EMAIL PROTECTED] Subject: [FW-1] Using a load balancing equipment with firewall1 Hi, I'd like to use a load balancing equipment (like cisco css) in front of web servers. The goal is to have the load balancing capability and isolate the web servers lan, to avoid someone who takes control of one server to spread a virus inside my network. The config could be : Load balancing -> firewall -> web servers Firewall -> load balancing -> web servers I can't use the logical server functionnality of checkpoint, because most servers use https. Has anyone ever done this ?? What are the hints ?? Thanks Nicolas figaro ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= Jag Bains Network Security Engineer Boxing Orange Ltd t: 0871 871 2774 f: 0871 871 0068 [EMAIL PROTECTED] http://www.boxingorange.com/ This message (and any associated files) is intended only for the use of the individual or entity to which it is addressed and may contain information that is confidential, subject to copyright or constitutes a trade secret. If you are not the intended recipient you are hereby notified that any dissemination, copying or distribution of this message, or files associated with this message, is strictly prohibited. If you have received this message in error, please notify us immediately by replying to the message and deleting it from your computer. Messages sent to and from us may be monitored. Internet communications cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Therefore, we do not accept responsibility for any errors or omissions that are present in this message, or any attachment, that have arisen as a result of e-mail transmission. If verification is required, please request a hard-copy version. Any views or opinions presented are solely those of the author and do not necessarily represent those of the company. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
