> -----Original Message-----
> From: East, Bill
> Sent: Thursday, July 20, 2000 10:43 AM
> To: 'FW-1 Mailing list'
> Subject: [FW1] load balancing and NAT
>
>
>
> I have a need to load balance between two http servers.
>
> Server A: 192.168.253.xxx NAT: 207.xxx.xxx.xxx
> Server B: 192.168.253.yyy NAT: 207.xxx.xxx.yyy
>
> I can connect individually to Server A and Server B's NATed addresses.
> I've defined a group consisting of Server A and Server B's
> NATed addresses.
> I've defined a logical server 207.xxx.xxx.zzz, which uses the
> group defined
> above. I've tried setting this both to HTTP and Other.
> I've added 207.xxx.xxx.zzz to the local.arp file in
> fw40/state, using the
> MAC address of the firewall.
> I even added the logical server to the group that is used to get past
> anti-spoofing.
>
> When I try to connect, it simply times out. No errors or
> successes show up
> in the firewall's log. Interestingly, if I try to connect without the
> logical server defined, I get a reject from the cleanup rule,
> so clearly the
> packets are getting to the firewall.
>
> Has anyone had experience with a similar configuration? This
> has got me
> stumped. I've looked through the archives and seen similar
> questions, but
> not many answers.
>
Followup:
Well, I feel silly. After beating my head against the wall for several days,
I ran across the suggestion that we need to have the Connect Control module,
which we do not (we use a stdlight license). So it looks like I am going to
have to use other, less expensive methods to load-balance.
--
Bill
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
