Example: Load balancing for web servers

To configure load balancing for multiple web servers, you can set up a Server Pool.

Company A has three web servers to handle the large volume of traffic its website receives. The administrators have previously created Host elements to represent their web servers and created NAT rules to assign an external IP address to each web server.

Now the administrators want to distribute the load of the traffic between the servers. The administrators:
  1. Create a Server Pool element and add the Host elements to it. Because they are not balancing incoming connections to the Server Pool between multiple Internet connections, the administrators select the Not Specified NetLink.
  2. Add the following Access rule to the Firewall policy to allow HTTP connections from addresses that are not internal (Not Internal expression) to the external IP addresses of the Server Pool.
    | Source | Destination | Service | Action |
    |---|---|---|---|
    | Not Internal network expression | Host elements that represent the external IP addresses of the Server Pool | HTTP | Allow |
    Note: The administrators do not use the Server Pool element in the Access rule because they want to use NAT rules to enable Server Pool load balancing. If the Destination cell of an Access rule contains a Server Pool element, the Access rule applies Server Pool load balancing, and the NAT rules are ignored.
  3. Delete the existing NAT rules that translate the IP address of each server so that NAT rules for Server Pool load balancing do not conflict with them.
  4. Add the following NAT rule to the Firewall policy to enable Server Pool load balancing and specify which traffic is directed to the Server Pool:
    | Source | Destination | Service | NAT |
    |---|---|---|---|
    | Not Internal network expression | Server Pool element | HTTP | Destination: Server Pool External Addresses to Server Pool Members |
    Note: Destination translation is automatically configured when the administrators add a Server Pool element to the Destination cell.
  5. Define options for source address translation so that return packets from servers in the Server Pool to the clients are routed through the NGFW Engine.
  6. Save and Install the Firewall Policy to transfer the changes.