Checkpoint R55 FTP Loadbalancing Question

[atski31]

Hi..
Can anyone help me : I am trying to configure Loadbalacing for 2 FTP server in our DMZ. I have created the logical server with a public facing Ip address of y.y.y.y and have added the server group which consist of 2 ftp servers with internal address x.x.x.a and x.x.x.b.
Question: do i need to NAT these to y.y.y.y ?
and also do i need to create any static arp entries on my splat box .. if so what entries do i need to create ?...

Thanking you in advance for your help ....

 

[abner78br]

Hello atski31,

What is the OS Checkpoint is installed with?
The FTP servers need to be accessed from inside or outside networks?

Regards,

Abner

 

[atski31]

Hi abner78br.. the OS is Linux...and they need to be accessed from both inside and Outside....

The Version of Linux is as follows....

Linux CW-FW1 2.4.9-42cpsmp #1 SMP Wed Nov 19 19:08:55 GMT 2003 i686 unknown

 

[abner78br]

Atski31,

Just one more question. How is the FTP servers connected to the Checkpoint Firewall? One interface facing the inside network and the other one facing the DMZ side?

Regards,

Abner

 

[atski31]

Hi abner78br..

The FTP servers have a single interface with the ip addresses corresponding to the DMZ of the SPLAT -now i'm not sure whether these need to be natted to the public address set on the logical server or not.. ?( I have tried this but can only connect to one of the FTP servers.. Load balancing not working).. also i think static aro entries need to be added to the splat but not sure which ?...

 

[abner78br]

ATSKI,

for sure you'll need NAT to those addresses (and routing entries on your firewall box). However I am not sure about load balancing.

I've seen loadbalancing issues regarding FTP. For instance: you request access to one server but the other one replies and your connection drops. I had to set one as primary and other as standby.

Regards,

Abner