Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1247
Views
1
Helpful
1
Replies

Radware Load Balancing + ISE

Go to solution
Not applicable

‎12-05-2017 09:00 AM

Hello- I have a customer using Radware for load balancing and I am looking to see if other customers have implemented ISE in an environment also leveraging Radware?

Thank you!

1 Accepted Solution

Accepted Solutions

Go to solution
Craig Hyps
Level 10
Level 10

‎12-05-2017 03:59 PM

I have only received a couple queries on using Radware over past  few years.  Maybe customers have deployed, but not much discussion and expect overall penetration low in comparison to other solutions.  Although F5 guide has prescriptive configuration for F5,  most of guide is dedicated to concepts and requirements for load balancing.  Some key elements include:

  • ability to persist RADIUS Auth (1645/1812) and Accounting (1646/1813) based on Calling-Station-ID.  Source IP may work for many NADs with few clients, but often not suitable with larger access switches and wireless controllers.
  • ability to maintain persistence for specific flows. In other words, per-packet UDP load balancing will cause RADIUS to fail.
  • support for fragmentation and reassembly of RADIUS packets and option to set max/min fragment values.
  • ability to check health based on RADIUS service checks
  • Not required, but helpful if LB can NAT CoA packets from PSN to LB VIP address.
  • Not require direct server return (DSR) to ensure traffic can be funneled back through LB and have PSN address translated back to RADIUS VIP.
  • Optionally support LB for http and profiler traffic.
  • passthru for some flows without requiring LB processing (like F5 IP forwarding).

/Craig

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Craig Hyps
Level 10
Level 10

‎12-05-2017 03:59 PM

I have only received a couple queries on using Radware over past  few years.  Maybe customers have deployed, but not much discussion and expect overall penetration low in comparison to other solutions.  Although F5 guide has prescriptive configuration for F5,  most of guide is dedicated to concepts and requirements for load balancing.  Some key elements include:

  • ability to persist RADIUS Auth (1645/1812) and Accounting (1646/1813) based on Calling-Station-ID.  Source IP may work for many NADs with few clients, but often not suitable with larger access switches and wireless controllers.
  • ability to maintain persistence for specific flows. In other words, per-packet UDP load balancing will cause RADIUS to fail.
  • support for fragmentation and reassembly of RADIUS packets and option to set max/min fragment values.
  • ability to check health based on RADIUS service checks
  • Not required, but helpful if LB can NAT CoA packets from PSN to LB VIP address.
  • Not require direct server return (DSR) to ensure traffic can be funneled back through LB and have PSN address translated back to RADIUS VIP.
  • Optionally support LB for http and profiler traffic.
  • passthru for some flows without requiring LB processing (like F5 IP forwarding).

/Craig

0 Helpful
Customers Also Viewed These Support Documents