[THIN] Re: CSG deployment question
- From: "Cornfield, Scott" <Scott.Cornfield@xxxxxxxxx>
- To: thin@xxxxxxxxxxxxx
- Date: Mon, 29 Nov 2004 10:33:09 -0000
Hi,
We have 2 CSG's set up fro redundancy as detailed below with both WI and CSG
installed on each server, they only accept traffic on 443. We use a Cisco
content switch (actually 2 with floating IP for redundancy), so we get
single IP and we have a FQDN set up.
Round robin is no good with 2 servers as this ends up with you starting your
session on one CSG and then attempting to finish it on the other one,
doesn't work!
Cheers
Scott
_____
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of M
Sent: 27 November 2004 02:56
To: Thin@xxxxxxxxxxxxx
Subject: [THIN] CSG deployment question
Hello there,
Has anyone deployed the following CSG scenario as described in the CSG admin
guide ?
(Two seperate servers not the single server option)
"Web Interface Located Behind the Secure Gateway in the DMZ
All incoming traffic is intercepted by the Secure Gateway deployed in the
DMZ.
You can install the Web Interface on the same server as the Secure Gateway,
or
install it on a separate server. All data exchanged between client devices
and the
Web Interface is relayed through the Secure Gateway.
The firewall facing the Internet has port 443 open. Users connect to the
Secure
Gateway using a URL such as https://Secure Gateway FQDN/."
I presume you would only require a single valid external IP address for the
described scenario.
I must admit i have always installed two servers in "parallel" or a single
server with both CSG and WI on.
Any feedback on the described scenario ?
Regards
.
-----------------------------------------------------------------------
Information in this email may be privileged, confidential and is
intended exclusively for the addressee. The views expressed may
not be official policy, but the personal views of the originator.
If you have received it in error, please notify the sender by return
e-mail and delete it from your system. You should not reproduce,
distribute, store, retransmit, use or disclose its contents to anyone.
Please note we reserve the right to monitor all e-mail
communication through our internal and external networks.
-----------------------------------------------------------------------
Other related posts:
