Overview
This article describes how to configure DNAT with load balancing so that outside clients can connect to the web servers.
Diagram
How to configure
Identifier for the 2 web servers
XG Firewall v18 includes several performance gains that will breathe new life into your network, enabling you to handle more traffic and better secure it. If you haven’t upgraded to XG Firewall v18 already, you’re going to want to do so as soon as possible to take advantage of the substantial performance benefits waiting for you. XG hardware can run any v18 firmware, with the exception of Cyberoam hardware, XG85 and XG105: these cannot run v18 firmware because of the minimum memory requirement of 4 GB of RAM, so they will stay on v17.x until end of life (EOL).
- Navigate to Hosts and Services -> Choose IP Host -> Click Add
- In Name: Enter a name for the IP host (this example uses webservers)
- In IP Version: Choose IPv4
- In Type: Choose IP List
- In List of IP Address: Enter the IP Addresses of 2 web servers
-> Click Save
Create DNAT rule
- Rules and policies -> Choose NAT rules -> Click Add NAT rule -> New NAT rule
- Enter name for DNAT rule
- In Rule position: Choose Top
- In Original source: Choose Any
- In Original destination: Choose WAN port
- In Original service: Choose HTTPS
- In Translated source (SNAT): Choose Original
- In Translated destination (DNAT): Choose webservers, the IP host created earlier
- In Translated service (PAT): Choose Original
- In Inbound interface: Choose WAN port
- In Outbound interface: Choose Any
- In Load Balancing method: Choose 1 of the 5 methods
  - Round-robin: Requests are served sequentially, starting with the server next to the previously assigned server. Use it when you want to distribute traffic equally and don’t require session persistence.
  - First alive: Incoming requests are served to the primary server (the first IP address of the range). If the primary server fails, requests are forwarded to the next server and so on. Use it for failover.
  - Random: Requests are served randomly to the servers with equal load distribution. Use this when you want equal distribution and don’t require session persistence or order of distribution.
  - Sticky IP: Traffic from a specific source is forwarded to the mapped server. Use this when you want the requests to be processed by the same server.
  - One-to-one: Requests are sent to the mapped IP addresses. The IP addresses of the original and translated destinations must be equal in number.
- In Health check: Set up the check used to test the servers
-> Click Save
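
The five load-balancing methods and the health check described above, modelled as an added Python example (not part of the original article and not Sophos code). The addresses, the `Balancer` class and the method strings are constructed for illustration; hashing the source IP for Sticky IP and returning no server when a one-to-one target is down are assumptions, since the article does not specify that behaviour.

```python
import hashlib
import random

WEB = ["192.168.1.10", "192.168.1.11"]      # constructed sample web servers

class Balancer:
    """Toy model of the load-balancing methods listed above."""

    def __init__(self, servers, method, original_dests=(), seed=0):
        self.servers = list(servers)        # translated destination (IP list)
        self.method = method
        self.alive = set(self.servers)      # maintained by the health check
        self._last = -1                     # index of the last round-robin pick
        self._rng = random.Random(seed)     # seeded so runs are repeatable
        if method == "one-to-one":
            if len(original_dests) != len(self.servers):
                raise ValueError("destination counts must be equal")
            self._map = dict(zip(original_dests, self.servers))

    def mark(self, server, up):
        """Record a health-check result for one server."""
        (self.alive.add if up else self.alive.discard)(server)

    def pick(self, src_ip, dst_ip=None):
        """Return the server for one new connection, or None if none is up."""
        live = [s for s in self.servers if s in self.alive]
        if not live:
            return None
        if self.method == "round-robin":    # next live server after last pick
            while True:
                self._last = (self._last + 1) % len(self.servers)
                if self.servers[self._last] in self.alive:
                    return self.servers[self._last]
        if self.method == "first-alive":    # primary unless it is down
            return live[0]
        if self.method == "random":
            return self._rng.choice(live)
        if self.method == "sticky-ip":      # assumption: hash of the source IP
            h = hashlib.sha256(src_ip.encode()).digest()
            return live[int.from_bytes(h[:4], "big") % len(live)]
        if self.method == "one-to-one":     # fixed original -> translated map
            target = self._map.get(dst_ip)
            return target if target in self.alive else None
        raise ValueError(f"unknown method: {self.method}")

def demo(method, clients=("192.0.2.1", "192.0.2.2", "192.0.2.1", "192.0.2.2")):
    """Servers chosen for four connections from two constructed clients."""
    lb = Balancer(WEB, method)
    return [lb.pick(c) for c in clients]
```

Calling `demo("round-robin")` and `demo("sticky-ip")` side by side shows why only the latter keeps a client on one server, which matters when session state lives on the web server itself.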