I have been working with support; however, they are unsure of the validity of my configuration.
We are setting up a very basic vShield Edge appliance for the sole purpose of load balancing web traffic (80/443/5222) for our Angel Learning Management solution. We have two web servers configured; both are working without issue. The two servers reside in our DMZ VLAN, as they will be used both internally and externally. I also did this so that, in case there is a failure with the load balancer appliance, we can just change the DNS and route to one of the servers.
On the vShield Edge, I am not sure if this is configured properly, as I could not find very clear documentation for a very basic implementation such as ours. The vEdge lives in the DMZ and has one configured interface in that VLAN. The traffic then points to that internal interface, and the two web servers are configured in the load balance pool.
This works ... sometimes. Many times, the first time you try to connect, you get a '503 no server available to take this request'; however, refreshing usually gets things working. Also, the initial page load time can be very slow, but after the session is established, it is quite speedy.
If it was not clear in my description, one of my main questions with this configuration: is it acceptable to have only a single interface on the Edge, or is this causing me problems? If I need more than one interface, can they be in the same broadcast domain/VLAN?
Lastly, the pool members show a 'down' status for the services (but only when you click the members detail, they show up under the pool), even though they are indeed up and running. This seemed to start when I added the TCP 5222 service (which is only used by one of the servers in the pool).
I appreciate any help that can be offered.
Attached: Screen shots.