Working with Clusters and Match Rules
Flag
Description
Spoof
When the spoof option is enabled on a cluster, Equalizer uses the client’s IP
address as the source IP address in all packets sent to a server in that cluster.
This option is enabled by default.
When spoof is enabled, all server responses to client requests that came
through the Equalizer cluster IP address must be routed by the server back to
the client through Equalizer. In many cases, the easiest way to do this is to set
the default gateway on each server that has a server instance in a server pool to
Equalizer’s IP address on the server VLAN. If this is not possible, you can
establish static routes on the server to send responses to specific client IP
addresses to Equalizer’s IP address on the VLAN.
If you disable spoof, the server receiving the request will see Equalizer’s IP
address as the client address because the TCP connection to the client is
terminated when the request is routed. The server will therefore send its
response back to Equalizer’s IP address. Disabling the spoof option enables
Source Network Address Translation (SNAT).
Rewrite Redirects (HTTPS only - not shown above)
When enabled, forces Equalizer to pass responses from an HTTPS cluster’s
servers without rewriting them. In the typical Equalizer setup, you configure
servers in an HTTPS cluster to listen and respond using HTTP; Equalizer
communicates with the clients using SSL. If a server sends an HTTP redirect
using the Location: header, this URL most likely will not include the https:
protocol. Equalizer rewrites responses from the server so that they are HTTPS.
You can direct Equalizer to pass responses from the server without rewriting
them by enabling this option.
Ignore Critical Extensions (HTTPS only - not shown above)
Controls whether Equalizer will process "CRL Distribution Point" extensions in client
certificates. This option only affects the processing of the "CRL Distribution
Point" extension in client certificates:
When Ignore Critical Extensions is disabled, a client certificate presented to
Equalizer that includes any extension will be rejected by Equalizer. This is the
behavior in previous releases.
When Ignore Critical Extensions is enabled (the default), a client certificate
presented to Equalizer that has a CRL Distribution Point extension will be
processed and the CRL critical extension will be ignored. Note, however, that if
other extensions are present in a client certificate they are not ignored and will
cause the client certificate to be rejected by Equalizer.
Click on the Commit button after making changes to the settings.
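
The Location: rewriting described under Rewrite Redirects, modeled as an added example (not Equalizer's code and not from this guide) to show which redirects reach the client as plaintext URLs when responses are passed through unrewritten. The cluster host name shop.example.com, the sample Location values, and the choice to drop the server's HTTP port on rewrite are assumptions.

```python
from urllib.parse import urlsplit, urlunsplit

def rewrite_location(location, cluster_host, rewrite=True):
    """Return the Location value the client would receive.

    rewrite=False models passing the server's response through unchanged.
    """
    if not rewrite:
        return location
    parts = urlsplit(location)
    # Relative redirects inherit the client's https:// scheme; leave them alone.
    if not parts.scheme and not parts.netloc:
        return location
    host = (parts.hostname or "").lower()
    # Only rewrite http:// redirects that point back at the cluster itself.
    if parts.scheme.lower() != "http" or host != cluster_host.lower():
        return location
    # Assumption: the cluster listens on 443, so the server's port is dropped.
    return urlunsplit(("https", cluster_host, parts.path,
                       parts.query, parts.fragment))

def downgrades(location, cluster_host):
    """True if the redirect sends the client to plaintext HTTP on the cluster host."""
    parts = urlsplit(location)
    host = (parts.hostname or "").lower()
    return parts.scheme.lower() == "http" and host == cluster_host.lower()

# Constructed Location values, as a back-end HTTP server might emit them.
SAMPLES = [
    "http://shop.example.com/login",
    "http://shop.example.com:8080/cart?id=7",
    "/account",
    "http://cdn.example.net/logo.png",
    "https://shop.example.com/done",
]

def audit(samples, cluster_host, rewrite):
    """List redirects that still reach the client as plaintext cluster URLs."""
    delivered = (rewrite_location(s, cluster_host, rewrite) for s in samples)
    return [d for d in delivered if downgrades(d, cluster_host)]

if __name__ == "__main__":
    for mode in (True, False):
        label = "rewritten" if mode else "passed through"
        print(label, audit(SAMPLES, "shop.example.com", mode))
```

If responses are passed through unrewritten, the servers themselves must emit https: or relative Location values; otherwise clients are redirected to plaintext URLs on the cluster host.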
Copyright © 2014 Coyote Point Systems, A Subsidiary of Fortinet, Inc.