Web OS 10.0 Application GuideChapter 13: Firewall Load Balancing n 349212777-A, February 2002Adding a Demilitarized Zone (DMZ)Implementing a DMZ in conjunction with firewall load balancing enables the Web switch todo the traffic filtering, off-loading this task from the firewall. A DMZ is created by configuringFWLB with another real server group and a redirection filter towards the DMZ subnets.The DMZ servers can be connected to the Web switch on the dirty side of the firewall. A typi-cal firewall load balancing configuration with a DMZ is shown in Figure 13-10.Figure 13-10 Typical Firewall Load-Balancing Topology with DMZThe DMZ servers can be attached to the Web switch directly or through an intermediate hub orswitch. The Web switch is then configured with filters to permit or deny access to the DMZservers. In this manner, two levels of security are implemented: one that restricts access to theDMZ through the use of Web switch filters, and another that restricts access to the clean net-work through the use of stateful inspection performed by the firewalls.FirewallsDMZWeb SwitchesInternet PrivateNetworkNote: There can beone or two DMZs.Web Switches