
Can Symantec Enterprise Firewall route external domain names to an internal IP address?

Posted on 2004-07-30
Last Modified: 2013-11-16
Hi all,

I am trying to set up a Symantec Enterprise Server 8 on Windows 2003.  What we have are 10 different public domain names such as:

srv0.velaro.com
srv1.velaro.com
...
srv9.velaro.com

To conserve external IP address usage, we are required to have all the above domain names share the same IP address of 162.33.130.135
Internally, I have each one of those domains mapped to a different internal server that has its own IP address.  What I need to know is if SEF can be configured to route external traffic based on an HTTP header domain name to a specific internal IP address?

Thanks!

Also, this may get over my head very quickly, so if anyone knows of someone who is qualified to set up SEF, I'd LOVE to talk to them about paying for a few hours of their time for some remote admin.

Thanks again.

Jasen
Question by:jasenfici
 
LVL 4

Expert Comment

by:batmon34
ID: 11683026
I don't think external IP addresses are that expensive...  Since you can afford 10 servers, you should be able to pay for 9 additional public IPs.  Most ISPs give them out free of charge.  They are not that expensive...

If you really wanna save $$, you should put all 10 sites on 1 server.  :-)
0
 

Author Comment

by:jasenfici
ID: 11683557
It's just not that easy.  ISPs are only given a specific number of addresses, and are gun-shy about giving them out, even though it is possible.
I'd love to put them all on 1 server, but the servers run a pretty process-intensive application that each get about a million hits a day, so it's been built to be load balanced across 10.
I don't have or need 10 yet, I only have a few, but I am keeping them on 10 different internal IP addresses so that growth for me requires the simple addition of an internal machine and the reallocation of some internal IP addresses, not the wholesale change of our firewall, routers, and public DNS settings.

Jasen
0
 
LVL 4

Expert Comment

by:batmon34
ID: 11684555
I don't think there is anything to do with your FW.  Basically you need a server in front of your 10 servers that is able to point to the right servers at the back for you.  Depends on what you use.  For example, if they are web servers, then you can create a virtual directory for each server.

frontend server: www.velaro.com, and has virtual directory for each of your server

www.velaro.com/srv0 directory ==> srv0.velaro.com server
www.velaro.com/srv1 directory ==> srv1.velaro.com server
www.velaro.com/srv2 directory ==> srv2.velaro.com server
etc...

so your public IP will be given to www.velaro.com

Or, if they are Exchange servers, then you simply add a Frontend Exchange server and it will talk to all the backend Exchange servers.

If you worry about the load of that frontend server, then you can load balance it by adding more frontend servers.  Load balancing means you will have a virtual server name and a virtual IP address, and all users will get to the frontend server through that virtual IP or virtual name.  Direct access to one server won't do the load balancing for you.
0

 

Author Comment

by:jasenfici
ID: 11684716
Thanks, I appreciate your comment, however, it is simply not the case.  The nature of the application does not provide well for load balancing, so each server must have its own public domain name.  They all need to cycle in through the firewall, then be distributed to their proper internal server based on that domain name.

take care,
Jasen
0
 
LVL 4

Accepted Solution

by:
batmon34 earned 375 total points
ID: 11691727
If that's what your app requires, I still think it is easiest to get more public IP addresses from your ISP.  If they can't, then tell them you have to switch to some other ISP...  then they will give you the IPs.  Or, you can get more IPs yourself and ask them to route them to your circuit for you.

If you still wanna use just one public IP, try pointing all FQDNs to the same IP address.  Then, have a simple scripting page on the frontend server that will see what FQDN the user entered to get to your frontend server, then route to the correct internal server at the back.  However, if your app server is picky about all these little things, I think you will run into more problems by going down this path.
0
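
The Host-based routing suggested in the accepted answer, as an added example that is not part of the original thread: a front end reads the `Host` header and forwards only to an allowlisted internal server. The `10.0.0.x` addresses and all function names are assumptions, since the thread never lists the internal IPs.

```python
# Added example: Host-header routing decision for a front-end reverse proxy.
# The internal addresses below are assumed; only the hostnames come from the thread.
BACKENDS = {f"srv{i}.velaro.com": f"10.0.0.{10 + i}" for i in range(10)}


class RoutingError(ValueError):
    """Raised when a request must be refused instead of forwarded."""


def host_from_request(raw: bytes) -> str:
    """Return the normalised Host value from a raw HTTP/1.1 request head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    header_lines = head.split("\r\n")[1:]  # skip the request line
    hosts = [line.split(":", 1)[1].strip()
             for line in header_lines
             if line.lower().startswith("host:")]
    if len(hosts) != 1:
        # A missing or repeated Host header is ambiguous: the front end and
        # the backend could pick different values, so refuse the request.
        raise RoutingError(f"expected exactly one Host header, got {len(hosts)}")
    host = hosts[0].lower()
    name, sep, port = host.rpartition(":")
    if sep and port.isdigit():
        host = name  # drop an explicit :port
    return host.rstrip(".")  # treat "name." and "name" as the same host


def pick_backend(raw: bytes) -> str:
    """Map a request to its internal server, refusing anything not allowlisted."""
    host = host_from_request(raw)
    try:
        return BACKENDS[host]
    except KeyError:
        # Never forward to a default backend for an unknown name.
        raise RoutingError(f"unknown host {host!r}") from None


if __name__ == "__main__":
    # Constructed sample request, not captured traffic.
    sample = b"GET / HTTP/1.1\r\nHost: srv3.velaro.com\r\n\r\n"
    print(pick_backend(sample))
```

Refusing unknown, missing and duplicate `Host` values keeps a client-controlled header from selecting a backend the operator never published.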
 

Author Comment

by:jasenfici
ID: 11700012
Thanks for all your help batmon34.  I really do appreciate it, and of course that would be easier, it just wasn't possible.  We have decided that SEF is just too complicated, and that while it is probably a more robust system, we have decided to go with Microsoft ISA Server 2004 instead.  It took me 2 hours to do what I had struggled with under SEF for 2 weeks with no solution in sight.

Thanks again!

take care,
Jasen
0


Question has a verified solution.
