Enable Server Pool load balancing using Access rules

NAT rules are the preferred way to enable Server Pool load balancing. For backward compatibility, it is still possible to enable Server Pool load balancing using Access rules.

When you use a Server Pool element in the Destination cell of an Access rule, the rule enables Server Pool load balancing and specifies which traffic is directed to the Server Pool. When the rule matches traffic, the Server Pool uses NAT to change the destination IP address to the IP address of the server that the firewall selects for the connection. Reverse NAT (for the replies the server sends back to the client) is handled automatically. No separate NAT rule is required.

If you use Access rules to enable Server Pool load balancing, note the following:
  • The Server Pool does automatic NAT from the external addresses you configured in the Server Pool element to the addresses of the included servers. Make sure that there are no overlapping NAT rules in the policy. You can add a NAT rule that disables further NAT for matching connections (empty NAT cell), if necessary.
  • If you want to balance traffic that arrives through a VPN using a Server Pool, NAT must be enabled in the properties of the VPN element (NAT is disabled by default for traffic that uses a VPN).
  • You must create a separate rule for each Server Pool.
  • If the same Server Pool provides more than one service, you must create a separate rule for each Service.
  • You must enable Connection Tracking for the rule that directs traffic to the Server Pool. The Server Pool uses NAT, which does not work without Connection Tracking.


Steps

  1. Open the Firewall Policy for editing and add an IPv4 or IPv6 Access rule.
    Note: If the Server Pool uses both IPv4 and IPv6 addresses, you must create separate IPv4 and IPv6 Access rules.
  2. Configure the rule to match the Source, Destination, and Service of the traffic that you want to direct to the Server Pool.
    Note: Each rule must contain only one Service.
  3. Set the Action to Allow.
  4. In the Action Options, enable Connection Tracking.
    The following example rules direct traffic from external networks to the HTTP Server Pool and to the HTTPS Server Pool.

    Source                            | Destination       | Service | Action
    Not Internal network (Expression) | HTTP Server Pool  | HTTP    | Allow, Connection tracking: normal
    Not Internal network (Expression) | HTTPS Server Pool | HTTPS   | Allow, Connection tracking: normal
  5. If you are using static DNS entries, save and Install the Firewall Policy to transfer the changes.
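The constraints listed above (Allow action, Connection Tracking on, one Service per rule, a separate rule per Server Pool and per IP version) are easy to get wrong when a policy has many rules. The following is an added example, not Forcepoint code or an SMC API: a small policy linter over a constructed rule set that reports rules directing traffic to a Server Pool which break one of those constraints. The `AccessRule` fields are a hypothetical simplification of an Access rule's cells.

```python
from dataclasses import dataclass


@dataclass
class AccessRule:
    """Hypothetical flat view of one Access rule's cells (not the SMC data model)."""
    name: str
    ip_version: int          # 4 or 6: IPv4 and IPv6 Access rules are separate
    source: str
    destination: str         # Server Pool element name when is_server_pool is True
    services: list           # Service elements placed in the Service cell
    action: str
    connection_tracking: bool
    is_server_pool: bool     # True when the Destination cell holds a Server Pool element


def check_server_pool_rules(rules):
    """Return (rule name, problem) pairs for Server Pool rules that violate the constraints."""
    problems = []
    seen = {}  # (pool, service, ip_version) -> first rule name, to flag duplicate rules
    for r in rules:
        if not r.is_server_pool:
            continue  # only rules whose Destination is a Server Pool enable load balancing
        if r.action != "Allow":
            problems.append((r.name, "Action must be Allow"))
        if not r.connection_tracking:
            problems.append((r.name, "Connection Tracking must be enabled; Server Pool NAT needs it"))
        if len(r.services) != 1:
            problems.append((r.name, "each rule must contain exactly one Service"))
        for svc in r.services:
            key = (r.destination, svc, r.ip_version)
            if key in seen:
                problems.append((r.name, f"duplicates rule {seen[key]} for {key}"))
            else:
                seen[key] = r.name
    return problems


# Constructed sample: the two example rules from the steps above, plus one deliberately
# wrong rule that bundles two Services and has Connection Tracking switched off.
EXAMPLE_RULES = [
    AccessRule("http-pool", 4, "Not Internal network", "HTTP Server Pool", ["HTTP"], "Allow", True, True),
    AccessRule("https-pool", 4, "Not Internal network", "HTTPS Server Pool", ["HTTPS"], "Allow", True, True),
]
BAD_RULE = AccessRule("web-pool", 4, "Not Internal network", "HTTP Server Pool",
                      ["HTTP", "HTTPS"], "Allow", False, True)

if __name__ == "__main__":
    for name, problem in check_server_pool_rules(EXAMPLE_RULES + [BAD_RULE]):
        print(f"{name}: {problem}")
```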

Next steps

If you want the NGFW Engine to automatically update dynamic DNS (DDNS) entries for the Server Pool according to the available NetLinks, configure DDNS updates.