Load Balancing with PIX 525 firewall

Answered Question
Feb 4th, 2009

I read that PIX 525 Firewall supports load balancing. How can I configure PIX 525 firewall to perform load balancing if I have two Internet Providers?

I have this problem too.
0 votes
Correct Answer by eddie.mitchell@... about 7 years 11 months ago

Q. Can I connect two different ISPs to my Cisco Secure PIX Firewall (for load-balancing)?

A. No, you cannot load-balance on the PIX. The Cisco Secure PIX Firewall is designed to handle only one default route. When you connect two ISPs to a single PIX, it means that the Firewall needs to make routing decisions at a much more intelligent level. Instead, use a gateway router outside the PIX so that the PIX continues to send all of its traffic to one router. That router can then route/load-balance between the two ISPs. An alternative is to have two routers outside the PIX using Hot Standby Router Protocol (HSRP) and set the default gateway of the PIX to be the virtual HSRP address. Alternatively, (if possible) you can use Open Shortest Path First (OSPF) which supports load balancing among a maximum of three peers on a single interface.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
eddie.mitchell@... Thu, 02/05/2009 - 12:26

Q. Can I connect two different ISPs to my Cisco Secure PIX Firewall (for load-balancing)?

A. No, you cannot load-balance on the PIX. The Cisco Secure PIX Firewall is designed to handle only one default route. When you connect two ISPs to a single PIX, it means that the Firewall needs to make routing decisions at a much more intelligent level. Instead, use a gateway router outside the PIX so that the PIX continues to send all of its traffic to one router. That router can then route/load-balance between the two ISPs. An alternative is to have two routers outside the PIX using Hot Standby Router Protocol (HSRP) and set the default gateway of the PIX to be the virtual HSRP address. Alternatively, (if possible) you can use Open Shortest Path First (OSPF) which supports load balancing among a maximum of three peers on a single interface.

Actions

This Discussion