Create Access rules for inbound load balancing
You can apply Server Pool load balancing to the firewall configuration by adding the Server Pool to an IPv4 Access rule in the Firewall Policy.
When the rule matches traffic, the Server Pool uses NAT to change the destination IP address to the IP address of the server that the firewall selects for the connection. Reverse NAT (for the replies the server sends back to the client) is handled automatically. No separate NAT rule is required.
The IPv4 Access rules specify which traffic is directed to the Server Pool.
Note the following:
- The Server Pool automatically performs NAT from the external addresses you configured in the Server Pool element to the addresses of the included servers. Make sure that there are no overlapping NAT rules in the policy. If necessary, you can add a NAT rule that disables further NAT for matching connections (empty NAT cell).
- If you want to balance traffic that arrives through a VPN using a Server Pool, NAT must be enabled in the properties of the VPN element (NAT is disabled by default for traffic that uses a VPN).
- You must create a separate rule for each Server Pool.
- If the same Server Pool provides more than one service, you must create a separate rule for each Service.
- You must enable Connection Tracking for the rule that directs traffic to the Server Pool. The Server Pool uses NAT, which does not work without Connection Tracking.
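The notes above can be checked mechanically before a policy is installed. The following is an added example, not part of the product or its documentation: it lints a policy exported into a hypothetical dictionary layout (all field names, element names and addresses are constructed for illustration). It assumes NAT rules are evaluated top-down with the first match winning, and it compares destinations only.

```python
import ipaddress

def lint_policy(access_rules, nat_rules, pools, vpns):
    """Return sorted (rule_id, finding) pairs for the Server Pool notes above.
    The dict layout is hypothetical, not a product export format."""
    findings = []
    for r in access_rules:
        dst_pools = [d for d in r["destination"] if d in pools]
        if not dst_pools:
            continue  # rule does not direct traffic to a Server Pool
        if len(dst_pools) > 1:
            findings.append((r["id"], "more than one Server Pool in one rule"))
        if len(r["services"]) > 1:
            findings.append((r["id"], "more than one Service in one rule"))
        if not r.get("connection_tracking", False):
            findings.append((r["id"], "Connection Tracking is off"))
        vpn = r.get("vpn")
        if vpn and not vpns[vpn]["nat_enabled"]:
            findings.append((r["id"], "NAT is disabled on VPN " + vpn))
    for name, pool in pools.items():
        for addr in pool["external"]:
            ip = ipaddress.ip_address(addr)
            # Assumption: NAT rules are evaluated top-down, first match wins.
            hit = next((n for n in nat_rules
                        if ip in ipaddress.ip_network(n["destination"])), None)
            if hit and hit["nat"] is not None:  # None models an empty NAT cell
                findings.append((hit["id"], "NAT rule overlaps Server Pool " + name))
    return sorted(findings)

# Constructed sample policy (documentation address ranges, made-up names).
POOLS = {"web-pool": {"external": ["192.0.2.10"]},
         "mail-pool": {"external": ["192.0.2.20"]}}
VPNS = {"branch-vpn": {"nat_enabled": False}}
ACCESS = [
    {"id": "A1", "destination": ["web-pool"], "services": ["HTTPS"],
     "connection_tracking": True},
    {"id": "A2", "destination": ["web-pool", "mail-pool"],
     "services": ["HTTP", "SMTP"], "connection_tracking": False},
    {"id": "A3", "destination": ["mail-pool"], "services": ["SMTP"],
     "connection_tracking": True, "vpn": "branch-vpn"},
]
NAT = [
    {"id": "N1", "destination": "192.0.2.20/32", "nat": None},  # disables further NAT
    {"id": "N2", "destination": "192.0.2.0/24", "nat": "static:10.0.0.5"},
]

if __name__ == "__main__":
    for rule_id, msg in lint_policy(ACCESS, NAT, POOLS, VPNS):
        print(rule_id, msg)
```

In the sample, the empty-NAT rule N1 shields the mail-pool address from the broader N2 rule, while the web-pool address still falls through to N2 and is reported.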