Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
800
Views
0
Helpful
4
Replies

firewall load balancing without layer 4 switch

joong-holee
Level 1
Level 1

‎02-04-2007 08:39 PM - edited ‎03-11-2019 02:29 AM

We want to firewall load balancing.

Firewall LB can be possible, without placing the layer4 switch the front of and the back of firewall?

If so, how can it be possible?

Probably, is that why two firewalls exchange nat table information (packet session information)through the direct synchronization link?

Labels:
0 Helpful
4 Replies 4

sachinraja
Level 9
Level 9

‎02-04-2007 08:46 PM

Hello Joong

Which firewalls are these ?? PIX or ASA?? V 6.3 or 7.x ?? with Version 7.x you have the multiple context licenses available to do active active on the firewalls.. it can still be called as load-sharing and not load-balancing... Do you want the traffic going to the firewalls, load balance to both the devices or is it something else?? if yes, then A/A firewalling is one solution !!!!

Hope this helps.. all the best.

Raj

0 Helpful

joong-holee
Level 1
Level 1
In response to sachinraja

‎02-06-2007 04:35 PM

Thanks.

I would like to confirm the topology, active-active firewalling without LAYER 4 SWITCH.

PIX with version 7 enables active-active firewall loadsharing ? If so, what protocol is used for this load-sharing? VRRP or proprietary HA(High availability) protocol?

0 Helpful

sachinraja
Level 9
Level 9
In response to joong-holee

‎02-06-2007 04:53 PM

Hello Joong,

The firewalls basically use the standard High availability protocol... You will basically allocate networks to multiple contexts and use the secondary unit also for some of the network traffic !!! you can on a whole, think this as M-HSRP feature on routers !!!!

For more info on Active/Active failover use the following resource:

http://cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a008045247e.html#wp1052847

There is also a very good training resource on this. see if you can access this:

http://www.cisco.com/web/learning/le31/le29/configuring_asa_pix_security_appliances.html

Hope this helps.. all the best.. rate replies if found useful..

RAj

0 Helpful

sachinraja
Level 9
Level 9

‎02-06-2007 03:47 PM

Hello Joong,

Do you need any other assistance with this post ? Do let us know.

Raj

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card