
Can Symantec Enterprise Firewall route external domain names to an internal IP address?

Posted on 2004-07-30
Last Modified: 2013-11-16
Hi all,

I am trying to set up a Symantec Enterprise Server 8 on Windows 2003.  What we have are 10 different public domain names such as:

srv0.velaro.com
srv1.velaro.com
...
srv9.velaro.com

To conserve external IP address usage, we are required to have all the above domain names share the same IP address of 162.33.130.135
Internally, I have each one of those domains mapped to a different internal server that has its own IP address.  What I need to know is if SEF can be configured to route external traffic based on an HTTP header domain name to a specific internal IP address?

Thanks!

Also, this may get over my head very quickly, so if anyone knows of someone who is qualified to set up SEF, I'd LOVE to talk to them about paying for a few hours of their time for some remote admin.

Thanks again.

Jasen
0
Question by:jasenfici
6 Comments
 
LVL 4

Expert Comment

by:batmon34
ID: 11683026
I don't think external IP addresses are that expensive...  Since you can afford 10 servers, you should be able to pay for 9 additional public IPs.  Most ISPs give them out free of charge.  They are not that expensive...

If you really wanna save $$, you should put all 10 sites on 1 server.  :-)
0
 

Author Comment

by:jasenfici
ID: 11683557
It's just not that easy.  ISPs are only given a specific number of addresses, and are gun-shy about giving them out, even though it is possible.
I'd love to put them all on 1 server, but the servers run a pretty process-intensive application that each get about a million hits a day, so it's been built to be load balanced across 10.
I don't have or need 10 yet, I only have a few, but I am keeping them on 10 different internal IP addresses so that growth for me requires the simple addition of an internal machine and the reallocation of some internal IP addresses, not the wholesale change of our firewall, routers, and public DNS settings.

Jasen
0
 
LVL 4

Expert Comment

by:batmon34
ID: 11684555
I don't think there is anything to do with your FW.  Basically you need a server in front of your 10 servers that is able to point to the right servers at the back for you.  Depends on what you use.  For example, if they are web servers, then you can create a virtual directory for each server.

frontend server: www.velaro.com, and has virtual directory for each of your server

www.velaro.com/srv0 directory ==> srv0.velaro.com server
www.velaro.com/srv1 directory ==> srv1.velaro.com server
www.velaro.com/srv2 directory ==> srv2.velaro.com server
etc...

so your public IP will give to www.velaro.com

Or, if they are Exchange servers, then you simply add a Frontend Exchange server and it will talk to all the backend Exchange servers.

If you worry about the load of that frontend server, then you can load balance it by adding more frontend servers.  Load balance means you will have a virtual server name and a virtual IP address, and all users will get to the frontend server through that virtual IP or virtual name.  Directly accessing one server won't do the load balancing for you.
0

 

Author Comment

by:jasenfici
ID: 11684716
thanks, I appreciate your comment, however, it is simply not the case.  The nature of the application does not provide well for load balancing, so each server must have its own public domain name.  They all need to cycle in through the firewall, then be distributed to their proper internal server based on that domain name.

take care,
Jasen
0
 
LVL 4

Accepted Solution

by:
batmon34 earned 375 total points
ID: 11691727
If that's what your app requires, I still think it is easiest to get more public IP addresses from your ISP.  If they can't, then tell them you have to switch to some other ISP...  then they will give you the IPs.  Or, you can get more IPs yourself and ask them to route them to your circuit for you.

If you still wanna use just one public IP, try pointing all FQDNs to the same IP address.  Then, have a simple scripting page on the frontend server that will see what FQDN the user entered to get to your frontend server, then route to the correct internal server at the back.  However, if your app server is picky about all these little things, I think you will run into more problems by going down this path.
0
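The front-end routing by FQDN suggested in the accepted answer, as an added example that is not part of the original thread: a Python function that decides from the Host header which internal server a request belongs to, matching names exactly and refusing anything malformed or unknown. The internal addresses (10.0.0.10 to 10.0.0.19) and the function names are assumptions; the page gives only the public names.

```python
"""Host-header routing decision for a front-end proxy (added example)."""

# Assumption: constructed internal addresses, one per public name on the page.
BACKENDS = {f"srv{i}.velaro.com": f"10.0.0.{10 + i}" for i in range(10)}


def normalize_host(value: str):
    """Return the bare lowercase hostname from a Host header value, or None if malformed."""
    host = value.strip().lower()
    if not host or host.startswith("["):        # empty, or an IPv6 literal
        return None
    host, sep, port = host.partition(":")
    if sep and not (port.isdigit() and 0 < int(port) < 65536):
        return None
    host = host.rstrip(".")                     # "srv1.velaro.com." is the same name
    labels = host.split(".")
    ok = all(l and l.isascii() and l.replace("-", "").isalnum() for l in labels)
    return host if ok else None


def route(request_head: bytes):
    """Map a raw HTTP request head to (status, backend_ip).

    200 means "forward to backend_ip"; 400 and 421 are answered by the front end.
    """
    head = request_head.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    hosts = [l.split(":", 1)[1] for l in lines[1:]
             if l.lower().startswith("host:")]
    if len(hosts) != 1:                         # missing or duplicated Host header
        return 400, None
    name = normalize_host(hosts[0])
    if name is None:
        return 400, None
    backend = BACKENDS.get(name)                # exact match only, no suffix matching
    if backend is None:
        return 421, None                        # Misdirected Request: name not served here
    return 200, backend
```

Because the lookup is an exact match against a fixed table, a request that names the shared public IP directly or a look-alike name is answered by the front end and never reaches an internal server.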
 

Author Comment

by:jasenfici
ID: 11700012
Thanks for all your help batmon34.  I really do appreciate it, and of course that would be easier, it just wasn't possible.  We have decided that SEF is just too complicated, and that while it is probably a more robust system, we have decided to go with Microsoft ISA Server 2004 instead.  It took me 2 hours to do what I had struggled with under SEF for 2 weeks with no solution in sight.

Thanks again!

take care,
Jasen
0
