Chapter 11. Switching Secured Content

Chapter Goals

In this chapter, you will learn how to configure content switching for the following security protocols:

  • Secure Sockets Layer (SSL) Termination: You can configure your content switch to terminate SSL connections on behalf of clients.

  • Firewall Load Balancing (FWLB): You can configure your content switch to distribute client traffic across multiple firewalls.

  • Virtual Private Network (VPN) Load Balancing: You can configure your content switch to distribute client traffic across multiple VPN concentrators.

  • SYN-Cookies for SYN-Flood Protection: You will learn how the CSM uses SYN-cookies to prevent SYN-flood attacks from flooding the CSM's connection table.

In Chapter 10, "Exploring Server Load Balancing," you learned how to configure content switching to accelerate your applications through the use of server load balancing. In this chapter, you'll learn four popular ways to accelerate secure content delivery by using content switching:

  • SSL Termination: You learned about the operation of the SSL protocol in Chapter 8, "Exploring the Application Layer." Here, you will learn how content switches can off-load SSL computations from your origin servers to dedicated SSL devices and modules.

  • Firewall Load Balancing: As you learned in Chapter 4, "Exploring Security Technologies and Network Infrastructure Designs," firewalls provide stateful packet inspection and maintain the context within and across TCP and UDP connections. In this chapter, you will learn how to load balance your traffic across multiple stateful firewalls.

  • VPN Load Balancing: VPN devices can provide site-to-site or remote access for your corporate users. Content switches can also provide load balancing across multiple VPN concentrators.

  • SYN-Flood Protection: The Content Switching Module (CSM) uses SYN-cookies to prevent SYN-floods from flooding its connection table.

