Hi Andy, There are several options for doing what you want.
1) DNS You could have the name site.com registered in your internal DNS pointing to the ip of WS01. 2) NAT You could point your internal users to an Internal address that is being NATed by FW02 to WS01. 3) SRV_REDIRECT define a new service HTTP_PROXY_REDIRECT type other, IP Protocol: 6, advanced, match: SRV_REDIRECT(80,<WS01 IP>,80) - create a rule: internal clients to SITE.COM (IP address) service HTTP_PROXY_REDIRECT accept Hope this helps. See ya, Bernardo. On 5/30/05, Andy France <[EMAIL PROTECTED]> wrote: > Hi All, > > We are having a issue with a web application that uses (quick and nasty) > Microsoft IP load balancing. This is causing session state issues with > users on DSL lines that have very short IP lease times, especially when > moving between http and https pages. > > The app guys are looking into moving to a better load balanced solution, > but in the meantime we are looking at a quick solution by dropping back to > a single server... with a twist! > > The network layout is thus: > > WS01 > Internet ---- FW01 ---- (Virtual Site) ---- FW02 ---- Internal > WS02 > > And the IP addresses in the DMZ are: > > WS01 = x.x.x.141 > WS02 = x.x.x.142 > site.com = x.x.x.150 > > My question is if it is possible to set up seperate rules/services on FW01 > and FW02 so that when an external user goes to http://site.com they get > directed to WS02, but an internal user doing the same get directed to WS01. > > Both firewalls are FW-1 NG R55 AI on SecurePlatform. > > TIA, > Andy. > > ##################################################################################### > > This email is intended for the person to whom it is addressed > only. If you are not the intended recipient, do not read, copy > or use the contents in any way. The opinions expressed may not > necessarily reflect those of ZESPRI Group of Companies ('ZESPRI'). > > While every effort has been made to verify the information > contained herein, ZESPRI does not make any representations > as to the accuracy of the information or to the performance > of any data, information or the products mentioned herein. > ZESPRI will not accept liability for any losses, damage or > consequence, however, resulting directly or indirectly from > the use of this e-mail/attachments. > ##################################################################################### > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
