Prev  Chapter 8. Network deployment  Next

4. Dual-homed performance optimized Web Security Manager implementation

Dual-homed performance optimized Web Security Manager implementation

Figure 8.4. Dual-homed performance optimized Web Security Manager implementation


In this scenario Web Security Manager is configured in a dual-homed setup with separation of inbound and outbound web traffic. 2 ethernet interfaces are utilized. Client requests are terminated in VLAN2 and responses from web systems are terminated in VLAN3. This setup (or similar) potentially provides greater performance (since 2 interfaces are used) and security.

A separate network segment (VLAN2) is configured between Web Security Manager and the layer 3 switch.

HTTP/HTTPS traffic designated to the web systems (192.168.0.3 and 192.168.0.4) is redirected (either by forwarding IP packets via the router or by altering web systems' DNS settings) to Web Security Manager's IP address 192.168.1.9.

Outbound traffic (downstream) from Web Security Manager is sent to web systems via VLAN3.

The layer 3 switch is configured only to allow traffic on the necessary ports (typically 80/tcp for HTTP and 443/tcp for HTTPS to pass from Web Security Manager to the web systems.

The web systems' default gateway is the layer 3 switch with IP address 192.168.0.1.

© 2005 - 2012 Alert Logic inc.
Prev  Up  Next
3. Firewalled Web Security Manager implementation with a fail-over/backup Web Security Manager  Home  Chapter 9. Frequently Asked Questions