I'm trying to figure out Checkpoint's load balancing feature based on the
documentation and what little I know of SSL. As far as I can tell, the
process will go something like this:
- The browser will request a page from https://207.29.xxx.xxx (a logical
server)
- Firewall-1 will send back a redirect to https://207.29.xxx.yyy (the NAT
address of one or the other of the load-balanced servers)
- The browser will load the page as well as the server's certificate.
- The browser will then compare the FQDN on the certificate to -- what?
This is where I have problems. The FQDN that the user entered in the
browser? The RDNS lookup result? If it is the former, then the FQDN on the
server certificate should be that of the logical server. If it's the latter,
it should be the FQDN of the server itself. Obviously this will impact how I
set up the RDNS, not to mention what name I put on the certificate.
If anyone has had experience with this I would appreciate the information.
--
Bill
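
Added example, not part of the original post: a sketch of the server-identity check from RFC 2818 section 3.1, in which the client compares the certificate against the host in the URL it is currently requesting (so, after a redirect, the host in the redirect URL) and never consults reverse DNS. The host names, the 192.0.2.x addresses and the function names are constructed for illustration, and only subjectAltName entries are modelled (older clients also fell back to the subject Common Name).

```python
import ipaddress
from urllib.parse import urlsplit


def reference_identity(url):
    """Name the client checks the certificate against: the URL host, not RDNS."""
    return urlsplit(url).hostname.lower()


def _dns_match(pattern, host):
    """Compare one dNSName entry with the URL host (case-insensitive)."""
    pattern = pattern.lower().rstrip(".")
    host = host.rstrip(".")
    if pattern.startswith("*."):
        # A wildcard stands for exactly one left-most label.
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == host


def cert_matches(url, san_dns=(), san_ip=()):
    """True if a certificate with these subjectAltName entries is valid for url."""
    host = reference_identity(url)
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # URL host is a name: only dNSName entries are considered.
        return any(_dns_match(p, host) for p in san_dns)
    # URL host is an IP literal: only iPAddress entries are considered.
    return any(ipaddress.ip_address(i) == addr for i in san_ip)


def check_hops(urls, san_dns=(), san_ip=()):
    """Evaluate one certificate against every URL in a redirect chain."""
    return [(u, cert_matches(u, san_dns, san_ip)) for u in urls]


if __name__ == "__main__":
    # Constructed redirect chain: logical server name, then a real server's address.
    hops = ["https://www.example.com/", "https://192.0.2.12/"]
    # Certificate naming only the logical server: fails on the redirected hop.
    print(check_hops(hops, san_dns=["www.example.com"]))
    # Certificate that also lists the redirect target as an iPAddress entry.
    print(check_hops(hops, san_dns=["www.example.com"], san_ip=["192.0.2.12"]))
```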