Load Balancing with PIX 525 firewall

Answered Question
Feb 4th, 2009
User Badges:

I read that PIX 525 Firewall supports load balancing. How can I configure PIX 525 firewall to perform load balancing if I have two Internet Providers?

Correct Answer by eddie.mitchell@... about 8 years 3 months ago

Q. Can I connect two different ISPs to my Cisco Secure PIX Firewall (for load-balancing)?


A. No, you cannot load-balance on the PIX. The Cisco Secure PIX Firewall is designed to handle only one default route. When you connect two ISPs to a single PIX, it means that the Firewall needs to make routing decisions at a much more intelligent level. Instead, use a gateway router outside the PIX so that the PIX continues to send all of its traffic to one router. That router can then route/load-balance between the two ISPs. An alternative is to have two routers outside the PIX using Hot Standby Router Protocol (HSRP) and set the default gateway of the PIX to be the virtual HSRP address. Alternatively, (if possible) you can use Open Shortest Path First (OSPF) which supports load balancing among a maximum of three peers on a single interface.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
eddie.mitchell@... Thu, 02/05/2009 - 12:26
User Badges:
  • Silver, 250 points or more

Q. Can I connect two different ISPs to my Cisco Secure PIX Firewall (for load-balancing)?


A. No, you cannot load-balance on the PIX. The Cisco Secure PIX Firewall is designed to handle only one default route. When you connect two ISPs to a single PIX, it means that the Firewall needs to make routing decisions at a much more intelligent level. Instead, use a gateway router outside the PIX so that the PIX continues to send all of its traffic to one router. That router can then route/load-balance between the two ISPs. An alternative is to have two routers outside the PIX using Hot Standby Router Protocol (HSRP) and set the default gateway of the PIX to be the virtual HSRP address. Alternatively, (if possible) you can use Open Shortest Path First (OSPF) which supports load balancing among a maximum of three peers on a single interface.

c-niwagaba Thu, 02/05/2009 - 21:35
User Badges:

Thank you for this answer, it has been really helpful.

Actions

This Discussion