firewall load balancing without layer 4 switch

Unanswered Question
Feb 4th, 2007

We want to firewall load balancing.

Firewall LB can be possible, without placing the layer4 switch the front of and the back of firewall?

If so, how can it be possible?

Probably, is that why two firewalls exchange nat table information (packet session information)through the direct synchronization link?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
sachinraja Sun, 02/04/2007 - 20:46

Hello Joong

Which firewalls are these ?? PIX or ASA?? V 6.3 or 7.x ?? with Version 7.x you have the multiple context licenses available to do active active on the firewalls.. it can still be called as load-sharing and not load-balancing... Do you want the traffic going to the firewalls, load balance to both the devices or is it something else?? if yes, then A/A firewalling is one solution !!!!

Hope this helps.. all the best.

Raj

joong-holee Tue, 02/06/2007 - 16:35

Thanks.

I would like to confirm the topology, active-active firewalling without LAYER 4 SWITCH.

PIX with version 7 enables active-active firewall loadsharing ? If so, what protocol is used for this load-sharing? VRRP or proprietary HA(High availability) protocol?

sachinraja Tue, 02/06/2007 - 16:53

Hello Joong,

The firewalls basically use the standard High availability protocol... You will basically allocate networks to multiple contexts and use the secondary unit also for some of the network traffic !!! you can on a whole, think this as M-HSRP feature on routers !!!!

For more info on Active/Active failover use the following resource:

http://cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a008045247e.html#wp1052847

There is also a very good training resource on this. see if you can access this:

http://www.cisco.com/web/learning/le31/le29/configuring_asa_pix_security_appliances.html

Hope this helps.. all the best.. rate replies if found useful..

RAj

sachinraja Tue, 02/06/2007 - 15:47

Hello Joong,

Do you need any other assistance with this post ? Do let us know.

Raj

Actions

This Discussion