For an enterprise building a website, the most painful constraint is limited funds combined with unlimited performance requirements. Web designers are always wary of hardware spending: a minicomputer is too expensive, so it is better to load-balance across PCs; the more external services are offered, the more PCs are bought, with two PCs providing each service so that overall performance and reliability are guaranteed; security must also be considered, so at least one firewall is needed. The Beijing An Enterprise Portal was built according to this idea: it decided to provide Web, FTP download and online on-demand services, and scheduled its opening date.
While the website system was being set up, a flaw in the original plan suddenly surfaced: only one public IP address was available, and it had to carry a large pile of services. Moreover, the "load balancing" that most firewalls claim is not network-layer load balancing but proxy-based; it supports only the Web and not other services, least of all the distinctive services the site had painstakingly developed over many years. Had the Gaoyang ds2000-biz firewall not been discovered by accident, the young man who did the original design would have faced being laid off.
From the outside, Gaoyang's ds2000-biz firewall is not much different from most firewalls: it provides extranet and intranet interfaces, and the servers that provide external services are placed in the DMZ. The manual is concise but detailed; after a little configuration following the manual, the firewall was working.
After a few security rules were set, the focus turned to the network address problem. In the ds2000-biz setup software, the solution turned out to be unusually simple. First, the public IP address is assigned to the external network port. Then dynamic address translation is set up, mapping the internal network address segment to the public IP address, after which intranet users can access the Internet normally. Next, port 80 of the public IP address is assigned to the WWW service, and the IP addresses of the 2 WWW servers in the DMZ are filled in. A test from a laptop with dial-up Internet access and a browser worked normally. In the background, both WWW servers could be seen working, with basically the same load.
Setting up load balancing for the FTP servers is similar and very simple. The same test showed it working well. In fact, FTP load balancing is difficult to achieve. Because the WWW service is connectionless, it does not matter which server each request is sent to; the FTP service is different, because the firewall must "remember" each connection and "stay" with it. The ds2000-biz firewall is highly intelligent in this respect, which saves users a lot of trouble.
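The difference between the two services, as an added sketch that is not from the original article or from the ds2000-biz product: a toy model of network-layer load balancing behind one public IP address, where every new connection is recorded in a state table and FTP clients are additionally pinned to one server. The class name, the DMZ addresses and the per-client pinning policy are assumptions made for illustration.

```python
import itertools


class NatLoadBalancer:
    """Toy model (hypothetical) of network-layer load balancing on one public IP."""

    def __init__(self, pools, sticky_ports=(21,)):
        self.pools = pools                     # public port -> DMZ servers
        self.rr = {p: itertools.cycle(s) for p, s in pools.items()}
        self.sticky_ports = set(sticky_ports)  # services that need client pinning
        self.conn_table = {}                   # (client_ip, client_port, port) -> server
        self.affinity = {}                     # (client_ip, port) -> pinned server

    def route(self, client_ip, client_port, public_port, syn=False):
        """Return the DMZ server for a packet, or None if it must be dropped."""
        if public_port not in self.pools:
            return None                        # service not published
        key = (client_ip, client_port, public_port)
        if key in self.conn_table:
            return self.conn_table[key]        # remembered connection: stay put
        if not syn:
            return None                        # no state and not a new connection
        pin = (client_ip, public_port)
        if public_port in self.sticky_ports and pin in self.affinity:
            server = self.affinity[pin]        # FTP: same client, same server
        else:
            server = next(self.rr[public_port])
            if public_port in self.sticky_ports:
                self.affinity[pin] = server
        self.conn_table[key] = server
        return server


if __name__ == "__main__":
    # Constructed addresses: two WWW and two FTP servers in the DMZ.
    lb = NatLoadBalancer({80: ["10.0.0.11", "10.0.0.12"],
                          21: ["10.0.0.21", "10.0.0.22"]})
    client = "198.51.100.7"
    print("web 1:", lb.route(client, 40001, 80, syn=True))
    print("web 2:", lb.route(client, 40002, 80, syn=True))
    print("ftp 1:", lb.route(client, 41000, 21, syn=True))
    print("ftp 2:", lb.route(client, 41001, 21, syn=True))
    print("stray:", lb.route(client, 49999, 80))
```

The two Web connections alternate between servers, both FTP connections from the same client land on one server, and a packet that matches no recorded connection is dropped.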
After the FTP server was solved, the online VOD service was also implemented successfully. By reusing the single public IP address, the ds2000-biz firewall met all of the requirements, both Internet access for the company's internal network and the various external services, with no conflict between them. The network-layer "load balancing" worked smoothly, and everything was easy.
After everything was installed, a security check was necessary. Ping scans, SYN attacks and IP fragment attacks should bring down either Windows NT or the recently popular Linux, yet under the protection of the ds2000-biz firewall the servers, unexpectedly, showed no reaction. Scans and simulated attacks with ISS and SAINT in turn still found no vulnerabilities. The firewall's state monitoring clearly showed the behavior of each attack, which discouraged the colleague sitting beside it running the simulated attacks.