Hi all!
I have a question about FWSM and how to bypass its session inspections without causing them to drop.
Due to the number-of-connections capacity limitations of our FWSMs, we have made a temporary solution utilizing a few FWSMs and sharing the load between them using PBR [tested on Cat6x in hardware].
It's not pretty, but it would let us go through the winter.
My question here is for the firewall guys:
If I'm load balancing between the firewalls and would like to make an adjustment in the traffic and move a certain range in the PBR from FW1 to FW2,
regularly the connection would be torn down and would need to be re-established. This means downtime.
I would like to find any way I can cause FW2 to allow the "moved" connections to pass and continue on FW2.
If it involves disabling a feature for x period of time and then re-enabling it - OK, anything is good.