Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Load Balancing with two PIX Firewalls

Does anybody perhaps know if it is possible to do load-balancing with two Pix Firewalls ? I heard something about this but I do not find anything back on CCO.

Thanks

12 REPLIES
New Member

Re: Load Balancing with two PIX Firewalls

there's a product called 'fireproof' that will load balance firewall's and VPN's. made by a company called radware

New Member

Re: Load Balancing with two PIX Firewalls

I know It can do load-balancing for two pix firewall by L4 -switch(such as cisco css-11k serial).Perhaps You can search CSS-11k switch to find some information on CCO.

New Member

Re: Load Balancing with two PIX Firewalls

What about SLB, included in IOS12.1? I am going to try it with 2 Gauntlets. It makes mention of firewall load-balancing. I am hoping that it will not put too much of a load on my router.

New Member

Re: Load Balancing with two PIX Firewalls

I am currently involved in a project where we have implemented firewall load balancing using the Cisco/ArrowPoint CS11150 devices. It seems to work well. We are using Checkpoint firewalls but I believe it is possible to use PIX's.

Checkout http://www.cisco.com/warp/customer/117/fw_load_balancing.html

Hope this helps

Regards Brett

New Member

Re: Load Balancing with two PIX Firewalls

We are looking at a similar implementation and have discovered a few things. When using the Arrowpoints / Cisco LBs, you have to add L2 switches between each set of LBs and the firewalls, on the inside and outside, to load balance the firewalls. Because the Arrowpoints don't route traffic through themselves, you won't have enough paths to load balance without the L2 switches. There is a funky work around if you don't have the switches but the word from the TAC is that they won't support it. If you just want to do failover, you don't need the external LBs or L2 switches.

New Member

Re: Load Balancing with two PIX Firewalls

You might want to search CCO for "FWLB" and check this url:

http://www.cisco.com/warp/partner/synchronicd/cc/pd/si/casi/ca4800/prodlit/4840_ds.htm

regards,

Rick.

New Member

Re: Load Balancing with two PIX Firewalls

I heard rumors that the PIX rev 5.3 was suppose to be able to do load balancing on it's own...so far I have not seen a trace of it. Does anyone have any info on load balancing with rev 6?

New Member

Re: Load Balancing with two PIX Firewalls

You Can use a local DIrector or some other type or redirector and If you get a product that is smart enough you wont lose reduntancy

New Member

Re: Load Balancing with two PIX Firewalls

No the PIX cannot do load balancing on it's own. Cisco instead would like you to purchase another device to integrate into your architecture. The LD/PIX combo is theoretically possble but I wonder about the ability to maintain state info(sticky) with true load balancing....

durnie

New Member

Re: Load Balancing with two PIX Firewalls

Apparently,

You can do it with Cisco CSS switches which does L5 load balancing and it's documented. However, it's a costly design.

New Member

Re: Load Balancing with two PIX Firewalls

you can do PIX load balancing with two Content Switches (formerly Arrowpoint). However, why would you need to? A PIX 535 is rated at worst over a GIGABIT.

New Member

Re: Load Balancing with two PIX Firewalls

interesting ,

which article state worst rated for pix 535 ?

186
Views
0
Helpful
12
Replies
CreatePlease to create content