Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

One for All

The chassis comprises a series of diskless Linux workstations that connect to the operating system via an NFS (Network File Sharing) mount. The X40 Crossbeam I tested in our Syracuse University Real-World Labs® had two network blades, two management blades and five application blades, but the unit can handle a maximum of 10 application blades. The blades are tied together through the backplane to the management and network interfaces. The X40 automatically assigns and reassigns blades for your application needs: Simply ask it to give you two blades for firewalls, and the X40 does the rest. For logging or storage, you can outfit the application blades with a local hard drive.

CrossBeam X40
click to enlarge

Crossbeam lets you configure the X40 via a connected console cable, telnet or SSH, or from the Web GUI. The first step is to create Virtual Application Processor (VAP) groups--a selection of blades for failover or load-balancing. Next you need to prioritize the blades for failover. In the event no standby blades are left, you'll have the option to swap out a blade with a lower priority. Although you can give the VAP groups multiple applications to run simultaneously, Crossbeam recommends one application per blade.

I asked the X40 to assign two Check Point Software Technologies firewalls in load-balancing mode, one Snort IDS and Trend Micro's InterScan VirusWall antivirus product to the blades. This left me with one application blade for standby.

Running the Circuit

I indicated the IP addresses of the VAP groups and assigned IPs for the internal and external ports of my firewall and antivirus groups. The Snort IDS sits in promiscuous mode, so I didn't need to assign it an IP. Then I designated the paths over which traffic would flow. I set VirusWall to scan all Web traffic for viruses by using the antivirus product as a Web proxy. I also set up a rule that VirusWall would forward its traffic to one of the Check Point firewalls, and I configured the firewalls as if they were standalone boxes. Finally, I tied my circuits to physical interfaces, and I was ready to test.

  • 1