How To Guides > Exinda Topologies > Topologies > Topologies with Firewalls

Topologies with Firewalls

Firewall topologies can vary significantly. Typically customers will place the Exinda between the switch and internal interface of the firewall. This ensures that the Exinda can see all hosts on the LAN.

All platforms support this topology.

	Note: Placing the Exinda appliance between the router and external interface of the firewall will only monitor applications and IP addresses present on the external interface of the firewall. So if your firewall performs Network Address Translation (NAT), you will only see the firewall's external IP address as the source address of the monitored flows, rather than their internal addresses.

Note:

Placing the Exinda appliance between the router and external interface of the firewall will only monitor applications and IP addresses present on the external interface of the firewall. So if your firewall performs Network Address Translation (NAT), you will only see the firewall's external IP address as the source address of the monitored flows, rather than their internal addresses.

DMZ

The Exinda appliance can be deployed in-path of a DMZ, allowing for Monitoring, Optimization and Application Acceleration of traffic to/from the DMZ.

	Note: You will need to define a Network Object called DMZ and mark it as "Internal", so that the Exinda appliance can ignore all traffic between the local LAN and the DMZ.

Note:

You will need to define a Network Object called DMZ and mark it as "Internal", so that the Exinda appliance can ignore all traffic between the local LAN and the DMZ.

Installation

Enable the appropriate bridges on the IP Address configuration page.
Connect Exinda WAN2 into your router/firewall using a crossover cable.
Connect Exinda LAN2 into the LAN switch.
Connect Exinda LAN1 into the DMZ switch or host.
Connect Exinda WAN1 in the DMZ interface of the firewall using a crossover cable.