What is the easiest way to filter the IP ports of the NLB cluster?

The ABC.com network consists of a single Active Directory domain named ABC.com. All the
servers on the network run Windows Server 2003 and all the client computers run
Windows XP.
A two-node Network Load Balancing (NLB) cluster hosts a highly available intranet application. The
intranet application uses HTTP and HTTPS.
During the course of the day you receive an instruction from the CIO to reduce the cluster’s
vulnerability to attack by filtering the IP ports of the Network Load Balancing cluster.
What is the easiest way to filter the IP ports of the NLB cluster?

A. Enable Windows Firewall on each server. Configure Windows Firewall to allow only HTTP and
HTTPS traffic.

B. Enable TCP/IP filtering in the Advanced TCP/IP properties on every server. Configure TCP
ports 80 and 443 as allowed ports.

C. Configure port rules on the cluster to only permit ports 80 and 443 on the cluster IP address.

D. Configure port rules on the cluster to only permit port 80 on the cluster IP address.

Explanation:
To implement filtering on the cluster with the minimum amount of administrative
effort, so that only the intranet application ports are available on the cluster, you need to use
Network Load Balancing Manager to configure port rules that allow only the intranet
application ports on the cluster IP address.
By configuring port rules, you can specify how client requests are processed by the servers
in the NLB cluster. A port rule basically acts as a filter on a specific port or ports. You can specify a protocol
parameter and a filtering mode to configure the manner in which traffic must be load balanced
between servers in the NLB cluster. A port range can be configured to define the port or set of
ports that a port rule applies to. Two port ranges that overlap are not allowed.
Incorrect Answers
A: Windows Firewall cannot be used on the cluster. It can only be used on a server with ICS
enabled.
B: Using TCP/IP filtering on each server will not allow you to implement filtering on the cluster.
D: This answer is close but we need port 443 as well for HTTPS traffic.
Reference: Understanding Port Rules
http://www.tech-faq.com/network-load-balancing.shtml


