Yale,
#Thanks a lot for your reply.
You're welcome.
#I am not sure whether UDP traffic = non-session oriented traffic.
#Are you sure about that?
I am wondering what your definition of non-session oriented traffic is? I
may be interpreting non-session differently than you are.
#So your point is that the stateful inspection firewall+NAT could get
#along with the non-session oriented IP traffic well and shouldn't face
#that kind of problem.
Exactly. As long as the traffic is IP then NAT should work just fine.
Question:
1. Would the stateful inspection firewall+NAT have some problems with
websites which use a dynamic server farm mechanism or web load balancing
technology (like Yahoo, where there are 32 or maybe more game servers
(yog0-yog31) to dynamically deal with the requirement for
game.yahoo.com)?
Answer:
If you have a load-balanced web server farm with 30+ servers then you will
probably want to load balance off of the source IP address. This cannot be
done with NAT on the firewall because all of the connections will appear to
the load balancer as having come from the firewall. You could use NAT and
load balance off of the source port, which would be different for each
connection. It all depends on the distinguishing feature you are using to
load balance off of.
Question:
2. If company XX applied the default configuration of the stateful
inspection firewall (like: Deny all from WAN to LAN, Allow all from LAN to
WAN) and NAT, are there any special websites (applying special upper-layer
protocols or special ports) that couldn't be reached by company XX? Did you
or any other expert have experience with it?
Answer:
As long as the firewall maintains state (i.e. a list of connections active
from LAN to WAN) and allows return packets back in then there shouldn't be
an issue with this. If the external webserver switched ports or protocols
then it would not work without a WAN to LAN rule for the new port/protocol.
Regards,
Jeffery Gieser
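
Added example, not part of the original message: a minimal Python model of the stateful firewall+NAT behaviour discussed in both answers (every NATed client reaches the balancer from one source IP but a distinct source port, and a reply from a changed server port matches no state). The addresses, port numbers, class and function names are constructed for illustration, and modulo hashing stands in for whatever a real load balancer uses.

```python
import ipaddress
from dataclasses import dataclass, field

FW_PUBLIC_IP = "203.0.113.1"  # constructed address (documentation range)

@dataclass
class StatefulNat:
    """Policy from the thread: allow all LAN->WAN, deny WAN->LAN unless state matches."""
    next_port: int = 40000
    flows: dict = field(default_factory=dict)   # LAN-side 5-tuple -> NAT source port
    state: dict = field(default_factory=dict)   # expected reply tuple -> LAN (ip, port)

    def outbound(self, proto, lan_ip, lan_port, dst_ip, dst_port):
        """Translate a LAN packet, record state, return the packet as seen on the WAN."""
        flow = (proto, lan_ip, lan_port, dst_ip, dst_port)
        if flow not in self.flows:               # first packet of a connection/flow
            self.flows[flow] = self.next_port
            self.state[(proto, dst_ip, dst_port, self.next_port)] = (lan_ip, lan_port)
            self.next_port += 1
        return (proto, FW_PUBLIC_IP, self.flows[flow], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, nat_port):
        """Return the LAN (ip, port) a WAN packet is forwarded to, or None if dropped."""
        return self.state.get((proto, src_ip, src_port, nat_port))

def pick_backend(key, backends):
    """Hypothetical balancer: choose a backend from an integer key (modulo hashing)."""
    return backends[key % len(backends)]

def demo():
    fw = StatefulNat()
    farm = [f"yog{i}" for i in range(32)]        # farm size taken from the question
    seen = [fw.outbound("tcp", f"10.0.0.{h}", 5000, "198.51.100.10", 80) for h in (5, 6, 7)]
    by_ip = {pick_backend(int(ipaddress.ip_address(p[1])), farm) for p in seen}
    by_port = {pick_backend(p[2], farm) for p in seen}
    reply = fw.inbound("tcp", "198.51.100.10", 80, seen[0][2])      # matches state
    moved = fw.inbound("tcp", "198.51.100.10", 8080, seen[0][2])    # server changed port
    udp = fw.outbound("udp", "10.0.0.5", 5353, "198.51.100.53", 53)
    udp_reply = fw.inbound("udp", "198.51.100.53", 53, udp[2])      # UDP tracked the same way
    return by_ip, by_port, reply, moved, udp_reply

if __name__ == "__main__":
    print(demo())
```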