Problem with Virtual IP addresses for Web Servers

["Garrahan, Kelvin" <Kelvin.Garrahan () compaq com>]

Hi,

I have recently set-up a Checkpoint Firewall-1 V4.0 SP5 in front of a Web
Farm. When a client connects to the Virtual IP address of a Web Server it
will be directed to a physical IP address of one of the Servers in the Farm.
The problem that I am seeing is that the corresponding response is being
dropped at the Firewall since the state table is maintained for the virtual
IP address and not the real address. The funny thing is that the service
actually works, how? well I think that this is something got to do with the
load balancer that we are using (Cisco's Local Director). I would like to
clean up my logs by not having responses from the web servers dropped and
logged as such.

An ideas would be appreciated.

regards

Kel.

Kelvin Garrahan
Security Consultant
Compaq Network Services,
Park House,
N.C.R.,
Dublin 7.
Tel:  353-1-8385433
Fax: 353-1-8384239 
Email: Kelvin.garrahan () compaq com