End-of-Life (EoL)

Configure the Firewalls that Secure the Web Farm

Use these instructions to configure the redundant pair of VM-Series firewalls that secure the web servers within an Availability Zone.
  1. Allocate and assign Elastic IP Addresses.
    This use case requires one Elastic IP Address for the management interface of each VM-Series firewall. See step 3.
  2. Log in to the web interface of the VM-Series firewall using the EIP address assigned to the management interface.
  3. Configure the network interfaces. Select
    and click the links to configure ethernet1/1 and ethernet1/2.
    1. Configure a DHCP client on each interface and create and attach security zones to each interface.
    2. Clear the check box to
      Automatically create default route to default gateway provided by server
      to ensure that the web servers do not use the default route provided by the firewall.
  4. Create a security policy rule to allow the sanctioned applications. Because we use the WordPress application in this example, the policy rule allows the web-browsing and blog-posting applications for WordPress.
  5. Create a NAT policy rule to ensure symmetric routing of traffic when the NetScaler VPX load balances traffic across the two (or more) firewalls that are protecting the web servers. This NAT policy rule is required to translate the private IP addresses to public IP addresses that can be routed to external networks. It also ensures that the same firewall manages the request and response traffic for a web server in the web farm.

Recommended For You