Configure load balancer or firewall

The embedded servers page provides information a DMZ or network administrator needs to configure the load balancer or firewall to send external connections to the correct ports. One way to open the page is to select System management > Manage embedded servers. See Manage embedded servers for more information about the page.

Most likely, only the simplest setup would send connections directly from the outer firewall to the DMZ node. That would be the case if there was just one Interchange node and only one DMZ node. There would be no need for a load balancer. But if there are multiple cluster machines or multiple DMZ nodes or both, a load balancer is needed.

Configure load balancer

It is imperative to configure your load balancer to correctly recognize the complete set of DMZ hosts and ports. It must send connections to all the listed ports on all the listed DMZ hosts.

In the example cited in Enable port forwarding for an exchange, the load balancer would send connections to the following four locations:

dmz1:4021, dmz1:4022, dmz2:4021, dmz2:4022

Update load balancer as needed

When you make changes that affect ports, Interchange cannot verify the settings of devices in the DMZ. For example, if you add a host machine to your cluster, the user interface automatically suggests additional DMZ ports on the embedded servers page. But it cannot automatically add the ports to your load balancer configuration. It is important for you to follow up by working with your DMZ or network administrator.

It is important to update your load balancer configuration whenever either of the following occurs:

  • You add a new host machine to the cluster (since this would add a new DMZ port on each DMZ node for every embedded server).
  • You add a new DMZ node (since this would add a new host machine that is listening on the same DMZ ports as the existing DMZ nodes).

As a general rule, when you add transport servers or host machines in the cluster, refer your DMZ or network administrator to the information on the embedded servers page to determine whether corresponding changes are necessary in the load balancer or firewall. This rule also applies when enabling DMZ port forwarding for an embedded server that previously did not use it.

Related topics

Related Links