I have an application server which sits behind a Cisco CSS (11000).
The CSS has been configured to route any traffic on port 443 to one
of the Apache instances on one of the application servers. I did this
by using a "url" value in the content rule of "//*". I had to use an
*everything* content rule url because the traffic is encrypted and the CSS
cannot discern any part of the encrypted URL.
This setup seems to work fine for *inbound* traffic. The problem I
have is when our application needs to connect to remote services over
HTTPS (i.e., port 443). The CSS sees this *outbound* traffic and
re-routes it to one of the *internal* application servers.
My question is this:
Can I add another NIC to our application servers and set up a separate
network segment for *outbound* HTTPS traffic? I was thinking that I
could put another NIC on both application servers AND our Cisco PIX
firewall. The topology would look something like the following:
                 ---------
                 |  Pix  |
                 ---------
     192.168.1.1 |       |192.168.3.1
                 |       |-----------|
                 |                   |
             |-------|               |
             |  CSS  |        (192.168.3 switch)
             |-------|               |   |
                 |                   |   |
                 |                   |   |
        (192.168.1 switch)           |   |
           |          |              |   |
           |          |              |   |   [ outbound HTTPS traffic ]
       |--------| |--------|         |   |
       |  app1  | |  app2  |         |   |
       |--------| |--------|         |   |
           |          |              |   |
           |          |---------------   |
           |-----------------------------|
I'm not sure how to configure the linux application servers to route
any HTTPS traffic on the 192.168.3 network segment.
Any help is greatly appreciated!
Andy
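Policy routing is one way to do what the question asks on the Linux side: leave the default route (via 192.168.1.1 and the CSS) in place for everything else, and send only locally originated TCP/443 traffic out the second NIC via the PIX's 192.168.3.1 interface shown in the diagram. The script below is an added example, not part of Andy's post or anything from Cisco; it uses the standard iproute2 and iptables tools and assumes (both assumptions, not from the post) that the 192.168.3 NIC is eth1 and that the server's address on it is 192.168.3.10. It also handles the two things that usually bite with this setup: the source address of re-routed packets, and reverse-path filtering on the second NIC.

```shell
#!/bin/sh
# Route outbound HTTPS via a second NIC with Linux policy routing.
# Added example; assumptions (not from the original post): the 192.168.3 NIC
# is eth1 and this host's address on it is 192.168.3.10. The gateway
# 192.168.3.1 is the PIX interface from the diagram. The default route via
# 192.168.1.1 (the CSS) stays in the main table for all other traffic.
HTTPS_IF="${HTTPS_IF:-eth1}"
HTTPS_SRC="${HTTPS_SRC:-192.168.3.10}"
HTTPS_GW="${HTTPS_GW:-192.168.3.1}"
HTTPS_TABLE="${HTTPS_TABLE:-100}"   # routing table reserved for HTTPS
HTTPS_MARK="${HTTPS_MARK:-0x1}"     # fwmark that selects that table

# With DRY_RUN=1 the commands are printed instead of executed, so the
# change can be reviewed (or tested) without root and without touching
# the host's routing.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

setup_https_policy_route() {
    # 1. Mark locally generated TCP connections to port 443. mangle OUTPUT
    #    runs after the kernel's first routing decision; a changed mark
    #    makes the kernel re-route the packet.
    run iptables -t mangle -A OUTPUT -p tcp --dport 443 \
        -j MARK --set-mark "$HTTPS_MARK"

    # 2. Marked packets consult a dedicated table whose only route is a
    #    default via the PIX's 192.168.3.1 interface on the second NIC.
    run ip route add default via "$HTTPS_GW" dev "$HTTPS_IF" table "$HTTPS_TABLE"
    run ip rule add fwmark "$HTTPS_MARK" table "$HTTPS_TABLE"

    # 3. Replies to these connections arrive on eth1 unmarked, so a strict
    #    reverse-path check would look them up in the main table, find the
    #    CSS-facing NIC, and drop them. Loosen rp_filter on eth1 only.
    run sysctl -w "net.ipv4.conf.$HTTPS_IF.rp_filter=0"

    # 4. Caveat: the source address was chosen during the first routing
    #    decision (the 192.168.1.x address on the CSS-facing NIC). Without
    #    NAT the packets would leave eth1 with that source and the replies
    #    would come back through the CSS, recreating the original problem.
    run iptables -t nat -A POSTROUTING -o "$HTTPS_IF" -p tcp --dport 443 \
        -j SNAT --to-source "$HTTPS_SRC"

    # 5. Flush the route cache so the new rule applies to new flows at once.
    run ip route flush cache
}

# Undo the above, in reverse order.
teardown_https_policy_route() {
    run iptables -t nat -D POSTROUTING -o "$HTTPS_IF" -p tcp --dport 443 \
        -j SNAT --to-source "$HTTPS_SRC"
    run sysctl -w "net.ipv4.conf.$HTTPS_IF.rp_filter=1"
    run ip rule del fwmark "$HTTPS_MARK" table "$HTTPS_TABLE"
    run ip route del default via "$HTTPS_GW" dev "$HTTPS_IF" table "$HTTPS_TABLE"
    run iptables -t mangle -D OUTPUT -p tcp --dport 443 \
        -j MARK --set-mark "$HTTPS_MARK"
    run ip route flush cache
}

# Read-only view for verifying the policy after it has been applied.
show_https_policy_route() {
    ip rule show
    ip route show table "$HTTPS_TABLE"
    iptables -t mangle -L OUTPUT -n -v
    iptables -t nat -L POSTROUTING -n -v
}

case "${1:-}" in
    up)   setup_https_policy_route ;;
    down) teardown_https_policy_route ;;
    show) show_https_policy_route ;;
esac
```

Run it as root with `up`, `down` or `show`; `DRY_RUN=1 ./https-route.sh up` prints the six commands instead of executing them. If the application can bind its outbound sockets to 192.168.3.10 itself, the mark and the SNAT become unnecessary: `ip rule add from 192.168.3.10 table 100` plus the table's default route is enough, and the source address is right from the start. The PIX still has to permit port 443 out of the 192.168.3 segment, which is outside what this script does.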