beautypg.com

Adding a demilitarized zone (dmz), Adding a demilitarized zone (dmz) 349 – Nortel Networks WEB OS 212777 User Manual

Page 349

background image

Web OS 10.0 Application Guide

Chapter 13: Firewall Load Balancing

n

349

212777-A, February 2002

Adding a Demilitarized Zone (DMZ)

Implementing a DMZ in conjunction with firewall load balancing enables the Web switch to
do the traffic filtering, off-loading this task from the firewall. A DMZ is created by configuring
FWLB with another real server group and a redirection filter towards the DMZ subnets.

The DMZ servers can be connected to the Web switch on the dirty side of the firewall. A typi-
cal firewall load balancing configuration with a DMZ is shown in

Figure 13-10

.

Figure 13-10 Typical Firewall Load-Balancing Topology with DMZ

The DMZ servers can be attached to the Web switch directly or through an intermediate hub or
switch. The Web switch is then configured with filters to permit or deny access to the DMZ
servers. In this manner, two levels of security are implemented: one that restricts access to the
DMZ through the use of Web switch filters, and another that restricts access to the clean net-
work through the use of stateful inspection performed by the firewalls.

Firewalls

DMZ

Web Switches

Internet

Private

Network

Note: There can be

one or two DMZs.

Web Switches