2. Firewalled single-homed Web Security Manager implementation


Figure 8.2. Firewalled single-homed Web Security Manager implementation


This scenario requires an extra interface on the firewall, since Web Security Manager is deployed in a DMZ segment separate from the segment in which the web servers are placed. A caveat with this setup is that all Web Security Manager traffic (both inbound from clients and outbound to web systems) uses a single Ethernet interface.

A separate network segment (subnet 2) is configured between Web Security Manager and the firewall.

HTTP/HTTPS traffic destined for the web systems (192.168.0.3 and 192.168.0.4) is redirected (either by forwarding IP packets via the router or by altering the web systems' DNS settings) to Web Security Manager's IP address 192.168.1.10.

Outbound traffic from Web Security Manager to web systems is again inspected by the firewall and sent to the web systems on subnet 3.

The web systems' default gateway is the firewall with IP address 192.168.0.1.
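The following added example (not part of the product documentation) audits firewall log lines against this layout and flags accepted connections that reach the web systems without passing through Web Security Manager. The log format, the sample lines, the default ports and the rule that only 192.168.1.10 should reach the web systems are assumptions made for illustration.

```python
import ipaddress

# Addresses taken from the scenario above.
WSM = ipaddress.ip_address("192.168.1.10")
WEB_SYSTEMS = {ipaddress.ip_address("192.168.0.3"),
               ipaddress.ip_address("192.168.0.4")}
WEB_PORTS = {80, 443}  # assumption: HTTP/HTTPS on their default ports

# Constructed sample lines in a hypothetical "action src dst dport" format.
SAMPLE_LOG = """\
ACCEPT 203.0.113.7 192.168.1.10 443
ACCEPT 192.168.1.10 192.168.0.3 80
ACCEPT 203.0.113.7 192.168.0.4 443
DROP 198.51.100.9 192.168.0.3 80
ACCEPT 192.168.1.10 192.168.0.4 22
bad line
"""

def classify(line):
    """Return 'ok', 'bypass', 'unexpected' or 'skip' for one log line."""
    parts = line.split()
    if len(parts) != 4:
        return "skip"  # malformed line, nothing to evaluate
    action, src, dst, dport = parts
    try:
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        dport = int(dport)
    except ValueError:
        return "skip"
    if action != "ACCEPT":
        return "ok"  # dropped traffic never reached its destination
    if dst in WEB_SYSTEMS:
        if src != WSM:
            return "bypass"  # reached a web system without going through WSM
        return "ok" if dport in WEB_PORTS else "unexpected"
    return "ok"

def audit(log_text):
    """Return (line number, verdict, line) for every flagged log line."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        verdict = classify(line)
        if verdict in ("bypass", "unexpected"):
            findings.append((n, verdict, line))
    return findings

if __name__ == "__main__":
    for n, verdict, line in audit(SAMPLE_LOG):
        print(f"line {n}: {verdict}: {line}")
```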

© 2005 - 2012 Alert Logic inc.