Topologies with firewalls: Exinda Appliance in a network with a firewall
Firewall topologies vary significantly. Typically, an Exinda appliance is deployed between the switch and internal interface of the firewall. This ensures the Exinda Appliance sees all hosts on the LANLocal area network.
Topology with firewalls
NOTE
Placing the Exinda Appliance between the router and external interface of the firewall will only monitor applications and IPInternet protocol addresses present on the external interface of the firewall. So, if your firewall performs Network Address Translation (NATNetwork Address Translation), the Exinda will only see the firewall's external IP address as the source address of the monitored flows.
Deploying an Exinda Appliance in-path of a DMZ
The Exinda appliance can be deployed in-pathIn-path refers to placing an between network devices that send and receive data packets to each other, like a switch and a router. An appliance deployed in-path automatically inspects all packets traveling along the path. of a DMZDemilitarized Zone, allowing monitoring, optimization and Application Acceleration of traffic to and from the DMZ.
NOTE
Define a network objecta logical definition created and stored in the Exinda lilbrary, can represent any network component called DMZ and mark it as "Internal," so the Exinda appliance can ignore all traffic between the local LAN and the DMZ.
Installing an Exinda Appliance in a network environment with a firewall
- Enable the appropriate bridges on the IP Address configuration page.
- Connect Exinda WAN2 into your router/firewall using a crossover cable.
- Connect Exinda LAN2 into the LAN switch.
- Connect Exinda LAN1 into the DMZ switch or host.
- Connect Exinda WAN1 in the DMZ interface of the firewall using a crossover cable.
There are a few Exinda Appliance basics to keep in mind while planning a deployment. For more information refer to Basic characteristics and behaviors of Exinda Appliances.