Micha__Iwaszko_
Jan 27, 2009 · Nimbostratus
DMZ design/configuration problem
Hello. I have a design/configuration problem with mail servers in a DMZ, using LTMs for load balancing SMTP/HTTP connections. For example:
1. There's a network, 192.168.0.0/24, that's terminated on a firewall with the address 192.168.0.1 (being the default gateway for all devices in that network).
2. I have two SMTP servers and a pair of LTMs (whatever addresses, for now it doesn't really matter).
3. SMTP connections from the internet are going to the Virtual Server on the LTM pair and then go to the SMTP servers without being SNATed.
4. SMTP servers need to download updates, but can't use a proxy server for it.
And the question is: how do I manage all of this with my LTM pair? According to point 3, I need to have a default route on the SMTP servers for the LTM (Floating address? VS address?), because the firewall will not pass the traffic (the connection was made to the VS and that's what the firewall would like to see). But according to point 4, I need to pass the traffic to the internet somehow... So, is there a way to make the LTMs work as a simple router for this HTTP traffic, keeping in mind the default gateway address that has to be set to something "on" the LTMs for point 3 to work? Or maybe some other way?