Cisco Flow Sensor and Load Balancer

Introduction

If a load balancer is installed in front of a resource on the network, it obscures visibility and may reduce the detection of threats in the Secure Network Analytics system. Use the instructions in this guide to configure the load balancer and Flow Sensor. This configuration stitches the client side and server side flows together, so the outside host connects to the inside host, providing visibility and enhanced security on the Flow Sensor and the Secure Network Analytics system.

Audience
The primary audience for this guide includes administrators responsible for configuring the Secure Network Analytics system.

Before You Begin

Before starting the procedures in this guide, you should do the following:

  • Confirm that your Secure Network Analytics system is communicating. Go to the Desktop Client. Check the Alarm Table to make sure there are no active Management Channel Down or Failover Channel Down alarms.
  • Confirm that your Secure Network Analytics system appliance licenses are active.

Configuring the Load Balancer

Use the following instructions to configure the load balancer. You will disable the X-Forwarded-For (XFF) option for HTTP, create an iRule, and enable a virtual server resource. If you prefer to use an existing iRule, you can modify it using the information provided here. For successful integration, apply the instructions in this section to all load balancers in the network. The instructions in this guide show the configuration on an F5 Load Balancer as an example, but we believe this configuration can be used on all types of load balancers.

Disabling the XFF Option for HTTP
Use the following procedure to disable the XFF option for HTTP.
The built-in functionality to insert data in an XFF HTTP header must be disabled in the F5 Load Balancer as follows:

  1. Log in to the F5 Load Balancer configuration utility.
  2. Under the Main tab, click Local Traffic.
  3. Click Profiles > Services > HTTP.
    If HTTP is not shown in the Services menu, skip to step 8.
  4. Click http.
  5. Under Settings, locate Insert X-Forwarded-For.
  6. Select Disabled from the drop-down list (or uncheck the Enabled check box to clear it).
  7. Click Update.
  8. From the Services menu, click Fast HTTP.
    If Fast HTTP is not available in the Services menu, skip the rest of this section. Proceed to Creating the iRule.
  9. Locate Insert X-Forwarded-For.
  10. Select Disabled from the drop-down list (or uncheck the Enabled check box to clear it).
  11. Click the Update button to save and exit.
  12. Continue to Creating the iRule.

Creating the iRule
Use the following instructions to add an iRule for the XFF header. This procedure is used to map the Load Balancer IP and ensure that accurate port and protocol information are reported to the Flow Sensor. If you prefer to use an existing iRule, you can modify it using the information provided here.

To create an iRule for the XFF header in the F5 Load Balancer, complete the following steps:

  1. In the Main tab, click Local Traffic.
  2. Click iRules.
  3. Click Create.
  4. In the Name field, enter xff.
  5. Copy and paste the following text into the Definition field:
    # Record the client-side protocol and port once per connection.
    when CLIENT_ACCEPTED {
        if { [PROFILE::exists clientssl] } then {
            set client_protocol "https"
            set local_port 443
        } else {
            set client_protocol "http"
            set local_port 80
        }
    }
    # Append this hop's values to each header, or insert the header if absent.
    when HTTP_REQUEST {
        if { [HTTP::header exists "X-Forwarded-For"] } {
            HTTP::header replace X-Forwarded-For "[HTTP::header X-Forwarded-For], [IP::client_addr]"
        } else {
            HTTP::header insert "X-Forwarded-For" [IP::client_addr]
        }
        if { [HTTP::header exists "X-Forwarded-Proto"] } {
            HTTP::header replace X-Forwarded-Proto "[HTTP::header X-Forwarded-Proto], $client_protocol"
        } else {
            HTTP::header insert "X-Forwarded-Proto" $client_protocol
        }
        if { [HTTP::header exists "X-Forwarded-Port"] } {
            HTTP::header replace X-Forwarded-Port "[HTTP::header X-Forwarded-Port], [TCP::client_port]"
        } else {
            HTTP::header insert "X-Forwarded-Port" [TCP::client_port]
        }
        if { [HTTP::header exists "X-Forwarded-Host"] } {
            HTTP::header replace X-Forwarded-Host "[HTTP::header X-Forwarded-Host], [IP::local_addr]:$local_port"
        } else {
            HTTP::header insert "X-Forwarded-Host" [IP::local_addr]:$local_port
        }
    }
  6. Click the Finished button to save and exit.
  7. Continue to Adding the iRule as a Virtual Server Resource.

Adding the iRule as a Virtual Server Resource
To enable a virtual server, the new XFF iRule must be added as a resource in the F5 Load Balancer. This step enables the load balancer to report the XFF Header.

  1. Under the Main tab, click Local Traffic.
  2. Click Virtual Servers.
  3. Locate the Service Port column and find Service Port 80 (HTTP) or 443 (HTTPS) that is handling the traffic handled by the device. Click the Virtual Server name.
  4. Click the Resources tab.
  5. In the iRules section, click the Manage button.
  6. Scroll through the Available iRules to find the new XFF iRule. Click the XFF iRule to select it.
  7. Click on the << button to add the XFF iRule to the Enabled box.
  8. Click the Finished button to save and exit.

Configuring All Load Balancers in the Network
If there are multiple load balancers chained on the network, apply the preceding instructions in this Configuring the Load Balancer section on each load balancer before proceeding to Enabling XFF Processing on the Flow Sensor.
Configuring each load balancer preserves the XFF information and appends it. In this configuration, the Flow Sensor will report only the original load balancer IP in the translated host.

Configuring the Load Balancer instructions include the following:

  • Disabling the XFF Option for HTTP
  • Creating the iRule
  • Adding the iRule as a Virtual Server Resource
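
What the forwarding headers look like after two chained load balancers each apply the iRule above, as an added Python model that is not part of the Cisco guide or F5 code. The function names are hypothetical and every address and port is a constructed sample value.

```python
# Model of the guide's xff iRule header logic (added illustration, not F5 or Cisco code).
# All addresses and ports below are constructed sample values.

def append_or_insert(headers, name, value):
    """Mirror the iRule: append ', value' if the header exists, else insert it."""
    if name in headers:
        headers[name] = f"{headers[name]}, {value}"
    else:
        headers[name] = str(value)

def apply_xff_irule(headers, client_addr, client_port, local_addr, clientssl):
    """Return the headers as they leave one load balancer running the iRule."""
    out = dict(headers)
    # CLIENT_ACCEPTED: protocol and port follow from the clientssl profile.
    proto, local_port = ("https", 443) if clientssl else ("http", 80)
    # HTTP_REQUEST: each header gets this hop's value appended.
    append_or_insert(out, "X-Forwarded-For", client_addr)
    append_or_insert(out, "X-Forwarded-Proto", proto)
    append_or_insert(out, "X-Forwarded-Port", client_port)
    append_or_insert(out, "X-Forwarded-Host", f"{local_addr}:{local_port}")
    return out

def hops(headers):
    """Split the four headers into one record per load balancer hop."""
    names = ("X-Forwarded-For", "X-Forwarded-Proto",
             "X-Forwarded-Port", "X-Forwarded-Host")
    columns = [[v.strip() for v in headers[n].split(",")] for n in names]
    if len({len(c) for c in columns}) != 1:
        # Unequal lists: a hop lacks the iRule, or a forwarding header
        # was already present when the request reached the first hop.
        raise ValueError("forwarding header lists differ in length")
    return list(zip(*columns))

def chained_example():
    # Hop 1: outer load balancer (virtual server 198.51.100.10, HTTPS) sees the client.
    h = apply_xff_irule({}, "203.0.113.7", 51514, "198.51.100.10", clientssl=True)
    # Hop 2: inner load balancer (virtual server 10.0.0.20, HTTP) sees the
    # outer load balancer connecting from 10.0.0.5.
    return apply_xff_irule(h, "10.0.0.5", 40022, "10.0.0.20", clientssl=False)

if __name__ == "__main__":
    for hop in hops(chained_example()):
        print(hop)
```

Because the iRule appends to whatever X-Forwarded-For value arrives, a request that already carries the header at the first hop produces lists of unequal length, which `hops` reports as an error.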

Enabling XFF Processing on the Flow Sensor

To process the XFF header field on the Flow Sensor, complete the following steps:

  1. Log in to your Manager.
  2. Click Configure > Global > Central Management.
  3. Click the (Ellipsis) icon for your Flow Sensor, then click View Appliance Statistics. The Flow Sensor Admin interface opens.
  4. Click Configuration > Advanced Settings.
  5. Check the Enable X-Forwarded-For Processing check box.
  6. Click Apply.
  7. Repeat these instructions on all Flow Sensors in the network that are receiving load balancer support.
  8. Continue to Verifying the Configuration.

Verifying the Configuration

To verify the load balancer configuration, log in to the Desktop Client or the Web App. The Desktop Client provides the load balancer IP address and port, and the Web Client provides the load balancer IP address.

Verifying the Configuration in the Manager Desktop Client
Use the following instructions to review the load balancer IP address and port in the Desktop Client.

  1. To generate X-Forwarded-For traffic on a client in front of the F5 Load Balancer, use a browser on a web server located behind the load balancer to log in to the Desktop Client.
  2. Locate the Flow Sensor in the Enterprise Tree. Right-click the Flow Sensor name (or IP address).
  3. Click Flows > Flow Table.
  4. Review the Translated Host and Translated Port columns to confirm the F5 Load Balancer IP address and port are shown.
    • Translated Host (load balancer IP address)
    • Translated Port (load balancer port)


Adding Columns to the Flow Table (Desktop Client)
If the Translated Host and Translated Port columns are not shown in the Desktop Client Flow Table, complete the following steps:

  1. Right-click any column.
  2. Scroll through the list. Select More until you reach the T’s.
  3. Click Translated Host and Translated Port to add them to the Flow Table.

Verifying the Configuration in the Web App
Use the following instructions to review the load balancer IP address in the Web App. The translated port is not available in the Web App. See Verifying the Configuration in the Manager Desktop Client to verify the port.

  1. Open a web page on the server (behind the F5 Load Balancer).
  2. Log in to the Manager.
  3. Click Investigate > Flow Search.
  4. Click Search.
  5. When the Flow search results display flows, click Manage Columns.
  6. Click the check box to add a check mark to Peer NAT and Subject NAT.
  7. Click Set.
  8. Confirm the load balancer IP address is shown in the Peer NAT column or the Subject NAT column.
    The column is determined by the direction of the flow.


Contacting Support
If you need technical support, do one of the following:

  1. Contact your local Cisco Partner
  2. Contact Cisco Support
  3. To open a case by web: http://www.cisco.com/c/en/us/support/index.html
  4. For phone support: 1-800-553-2447 (U.S.)
  5. For worldwide support numbers: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

Change History

Document Version    Published Date     Description
1_0                 August 11, 2025    Initial version.

Copyright Information
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)

© 2025 Cisco Systems, Inc. and/or its affiliates. All rights reserved.

FAQ

What is the purpose of this guide?

This guide provides instructions for configuring the load balancer and Flow Sensor to enhance security and visibility in the Secure Network Analytics system.

Who is the intended audience for this guide?

The guide is intended for administrators responsible for configuring the Secure Network Analytics system.

What should I do before starting the procedures in this guide?

Ensure your Secure Network Analytics system is communicating and that appliance licenses are active.

How do I contact Cisco Support?

You can contact Cisco Support via their website, phone, or by reaching out to your local Cisco Partner.
