Working with Clusters and Match Rules
Server Side Encryption
Note
- Server Side Encryption is not supported on GX Series Equalizers.
In a potentially dangerous scenario, you may be load balancing traffic and forwarding it to back-
end servers along untrusted paths. Vital credit card and personally identifying information could
be vulnerable during its back-end transit to clients unless you-encrypt it. Server Side Encryption
(SSE) provides you with the ability to configure a cluster and/or match rule so that traffic between
Equalizer and back end servers is encrypted using SSL/TLS, eliminating the untrusted paths.
A client’s HTTPS request is encrypted along its path from the client to Equalizer. Equalizer
terminates the SSL/TLS connection with the client, decrypts the client request using a certificate
and key and then forwards unencrypted HTTP traffic to the servers. When the server replies, the
server connects with Equalizer via clear text HTTP. Equalizer, then encrypts the response and
forwards it via HTTPS back to the client. Using SSE, the vulnerable path between your appliance
and servers can be encrypted by enabling cluster options.
With Equalizer, Match Rules extend the Layer 7 load balancing capabilities of HTTP and HTTPS
clusters by allowing you to define a set of logical conditions which, when met by the contents of
the request, trigger the load balancing behavior specified in the match rule.You have the option of
utilizing this intelligence as you have the capability of encrypting packets specifically identified by
the match rule definitions.
Equalizer provides configuration options, whereby you could encrypt all traffic between the
servers and your appliance or content-specific traffic, based on a match rule.The table below
explains possible Cluster/Match Rule encryption scenarios:
Cluster/Match Rule Encryption Enabled
Usage
Cluster Enabled/Match Rule Enabled
Used to encrypt all packet transfers between Equalizer and all of
your servers.
Cluster Enabled/Match Rule Disabled
Used to encrypt all packet transfers from Equalizer, regardless of
match rule definitions.
Cluster Disabled/Match Rule Enabled
Used to encrypt only those packets specified by the enabled match
rule definition.
358
Copyright © 2014 Coyote Point Systems, A Subsidiary of Fortinet, Inc.
Содержание Equalizer GX Series
Страница 18: ......
Страница 32: ...Overview 32 Copyright 2014 Coyote Point Systems A Subsidiary of Fortinet Inc ...
Страница 42: ......
Страница 52: ......
Страница 64: ......
Страница 72: ......
Страница 76: ......
Страница 123: ...Copyright 2014 Coyote Point Systems A Subsidiary of Fortinet Inc All Rights Reserved 123 Equalizer Administration Guide ...
Страница 228: ......
Страница 238: ......
Страница 411: ...Copyright 2014 Coyote Point Systems A Subsidiary of Fortinet Inc All Rights Reserved 411 Equalizer Administration Guide ...
Страница 459: ...Copyright 2014 Coyote Point Systems A Subsidiary of Fortinet Inc All Rights Reserved 459 Equalizer Administration Guide ...
Страница 476: ......
Страница 492: ......
Страница 530: ......
Страница 614: ......
Страница 626: ......
Страница 638: ......
Страница 678: ......
Страница 732: ...Using SNMP Traps 732 Copyright 2014 Coyote Point Systems A Subsidiary of Fortinet Inc ...
Страница 754: ......
Страница 790: ......
Страница 804: ......
Страница 842: ......
Страница 847: ...Copyright 2014 Coyote Point Systems A Subsidiary of Fortinet Inc All Rights Reserved 847 Equalizer Administration Guide ...
Страница 866: ......