cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2722
Views
0
Helpful
12
Replies

Load Balancing with two PIX Firewalls

gvandenbogaert
Level 1
Level 1

Does anybody perhaps know if it is possible to do load-balancing with two Pix Firewalls ? I heard something about this but I do not find anything back on CCO.

Thanks

12 Replies 12

deng
Level 1
Level 1

there's a product called 'fireproof' that will load balance firewall's and VPN's. made by a company called radware

spencer.chang
Level 1
Level 1

I know It can do load-balancing for two pix firewall by L4 -switch(such as cisco css-11k serial).Perhaps You can search CSS-11k switch to find some information on CCO.

russ.laplante
Level 1
Level 1

What about SLB, included in IOS12.1? I am going to try it with 2 Gauntlets. It makes mention of firewall load-balancing. I am hoping that it will not put too much of a load on my router.

bhose
Level 1
Level 1

I am currently involved in a project where we have implemented firewall load balancing using the Cisco/ArrowPoint CS11150 devices. It seems to work well. We are using Checkpoint firewalls but I believe it is possible to use PIX's.

Checkout http://www.cisco.com/warp/customer/117/fw_load_balancing.html

Hope this helps

Regards Brett

We are looking at a similar implementation and have discovered a few things. When using the Arrowpoints / Cisco LBs, you have to add L2 switches between each set of LBs and the firewalls, on the inside and outside, to load balance the firewalls. Because the Arrowpoints don't route traffic through themselves, you won't have enough paths to load balance without the L2 switches. There is a funky work around if you don't have the switches but the word from the TAC is that they won't support it. If you just want to do failover, you don't need the external LBs or L2 switches.

rickwilliams
Level 1
Level 1

You might want to search CCO for "FWLB" and check this url:

http://www.cisco.com/warp/partner/synchronicd/cc/pd/si/casi/ca4800/prodlit/4840_ds.htm

regards,

Rick.

amann
Level 1
Level 1

I heard rumors that the PIX rev 5.3 was suppose to be able to do load balancing on it's own...so far I have not seen a trace of it. Does anyone have any info on load balancing with rev 6?

rayshan
Level 1
Level 1

You Can use a local DIrector or some other type or redirector and If you get a product that is smart enough you wont lose reduntancy

durnie
Level 1
Level 1

No the PIX cannot do load balancing on it's own. Cisco instead would like you to purchase another device to integrate into your architecture. The LD/PIX combo is theoretically possble but I wonder about the ability to maintain state info(sticky) with true load balancing....

durnie

Apparently,

You can do it with Cisco CSS switches which does L5 load balancing and it's documented. However, it's a costly design.

jtiso
Level 1
Level 1

you can do PIX load balancing with two Content Switches (formerly Arrowpoint). However, why would you need to? A PIX 535 is rated at worst over a GIGABIT.

interesting ,

which article state worst rated for pix 535 ?

Review Cisco Networking for a $25 gift card