Firewall Wizards mailing list archives
Checkpoint Load Balancing
From: Neil Ratzlaff <Neil.Ratzlaff () ucop edu>
Date: Mon, 13 Oct 1997 14:46:10 -0700
I have a problem that must have been solved many times by now, but I can't find it. I need to implement load balancing for HTTPS using FireWall-1 from Checkpoint. The logical server Properties allows HTTP or 'Other', but HTTP does not allow https - the rules won't compile. 'Other' allows https, but it does address translation without changing the URL, so when the client hits the secure server, the authenticity certificate is invalid. The URL remains as the logical URL of the virtual computer, not the physical server with a certificate.

Does anyone have a good way to solve this? I have thought about trying to force FW-1 to change the URL when it changes the IP address (doubt this is feasible), or edit the https service so it thinks it is http and vice versa (this would certainly disrupt any other http server activity), or installing multiple copies of the same certificate on all computers in the logical group. I don't have any idea how the certificate would react to being in more than one place, or being on a computer that does not match its name; the certificate has been someone else's bailiwick.

I know people must be doing what I need to do, but are any of them using Firewall-1 and readers of this list?

Thanks,
Neil
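
Added example, not part of the original post: a minimal Python model of the client-side name check behind the certificate error described above. The host names, addresses and helper functions are constructed for illustration; it models only the comparison of the URL host with the names in the certificate, not FireWall-1 itself or certificate issuance.

```python
# Constructed names and addresses (assumptions, not from the original post).
LOGICAL_NAME = "secure.example.org"      # name the client puts in the URL
POOL = {                                 # physical servers behind the logical server
    "10.0.0.11": "web1.example.org",
    "10.0.0.12": "web2.example.org",
}

def name_matches(pattern, host):
    """Compare one certificate name with the host taken from the URL.
    Case-insensitive; '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or not all(h):
        return False
    if p[0] == "*":
        # Refuse wildcards directly under a top-level domain ("*.org").
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def client_accepts(url_host, cert_names):
    """The client checks the certificate against the name in the URL,
    never against the address the firewall translated the connection to."""
    return any(name_matches(n, url_host) for n in cert_names)

def evaluate(cert_for_server):
    """Return {physical_ip: accepted} for a client that requested LOGICAL_NAME."""
    return {ip: client_accepts(LOGICAL_NAME, cert_for_server(ip, name))
            for ip, name in POOL.items()}

# Case 1: each server presents a certificate for its own physical name.
per_host = evaluate(lambda ip, name: [name])
# Case 2: one certificate naming the logical host, presented by every server.
shared = evaluate(lambda ip, name: [LOGICAL_NAME])

if __name__ == "__main__":
    print("per-host certificates:          ", per_host)
    print("shared logical-name certificate:", shared)
```

Address translation leaves the URL unchanged, so the result depends only on whether the presented certificate names the logical host.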