Additional internal addresses

Hi all, this is my first time on the forums so be patient.

I am currently investigating the "Server Load Balancing" feature on UTM 9.4. From what I understand, when configuring the Virtual Server you need to specify an IP address on an interface.

Let's say I have a hosting port with public IPs, Internet Breakout port, MPLS port, DMZ port and "internal port" connected to our server range (where the interface is configured as 192.168.10.254/24). The load balancing needs to be applied to multiple internal servers; let's take SharePoint as an example. The SharePoint servers aren't exposed externally and the internal address (192.168.10.254) of the FW is configured with 30 different WAF rules. I therefore can't use the internal address as the Virtual Server and using a random IP in that range will simply not work?

Can I then add additional IPs to the internal port specifically for Load Balancing Virtual Servers (e.g. 192.168.10.250/32 etc.)? Should I rather have our ISP route an additional range to our Datacentre and specifically carve that range up for Virtual Server IPs?

I'm still open for suggestions on alternative configurations, but the WAF load balancing does not provide the same features as the Server Load Balancing. I also want to refrain from using a software load balancer like KEMP if I can utilise our current Sophos FW's...



This thread was automatically locked due to age.
  • Salut, Jean-François, and welcome to the UTM Community!

    Yes, you can place Additional Addresses on the Internal interface and use them as "targets" in configuring WAF and Load Balancing.  What disadvantage do you see for WAF vs. Load Balancing?

    Cheers - Bob

    PS Internet Breakout and MPLS are expensive solutions in today's world.  The only justification I can see for MPLS is QoS for real-time stuff like VoIP.  Even then, it's probably cheaper to have a dedicated connection for such traffic.

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    Thanks for your reply. The WAF is definitely a more attractive option when hosting multiple sites and services with a lack of public IPs, but I feel the load balancing part of it is lacking. Specifically the "weight" and "check type". The HTTP check type would help with services that are not responding, for proper failover, and the weight for offline pages or even DR failover. They should really build those into WAF to make it awesome!

    As for the MPLS, quite a few reasons. We're running our own Lync environment (so yeah, QoS). Our company has 14 branches around South Africa, where I am managing 3 desktop support guys, while my manager and I look after the infrastructure (2 Datacentres running around 80 VMs). So fewer firewalls and network management threats makes sense. Lastly, our company does live auctions, allowing online participation, so once again QoS.

    Thanks!