Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
535
Views
0
Helpful
3
Replies

PIX and FWLB

oguarisco
Level 3
Level 3

‎02-19-2003 06:10 AM - edited ‎02-20-2020 10:34 PM

Hi,

We plan to setup 2 PIX to achieve Load-Balancing and use two 100Mbit Internet connection...

Is this feature implemented in PIX or should I need some External devices that do Firewall Load-Balancing???

I know that they implement Stateful Failover (one Pix with unrestricted License and the other with Fail-over License)...but this is not the solution of our situation

Anybody can help me??? Has someone already implemented a similar solution ???

Thanks

0 Helpful
3 Replies 3

s-doyle
Level 3
Level 3

‎02-25-2003 08:16 AM

Strictly speaking, FIrewalls are not designed to do load balancing... they are not supposed to. Firewall's are pretty good at forwarding traffic they receive but load balancing is another ball game. What you could do is to have a design where both the firewalls are connected to a router on the inside and it is this router that does the load balancing, handing over the traffic to one of the two PIXs as required.

0 Helpful

oguarisco
Level 3
Level 3
In response to s-doyle

‎02-25-2003 09:40 AM

Hi,

There are certain Firewall HW appliance that do Load-Balancing...the problem is that a router could create a bottleneck because the topology is composed of 2 link each of 100Mbit/s to Internet.

I've find out that Cisco has switches (cisco 4840) especially dedicated to task like SLB and FWLB.

Maybe

0 Helpful

shannong
Level 4
Level 4

‎02-25-2003 03:27 PM

Firewalls load balance just fine as long as active sessions are always sent back to the same firewall, much like when dealing with SSL sessions in web farms.

First ask yourself why are you doing the load balancing. If it's for redundancy, the you don't really need load balancing and the Pixs stateful failover works great already on its own.

If you would like to move more traffic than either firewall in the pair could handle on its own, then you don't have redundancy anymore because if one fails the single firewall cannot handle the full load.

Having said that, you can do firewall load balancing with some versions of the IOS. The feature is called SLB and can handle firewall clusters in the Cat6ks and some of the 7000 series routers. Or you can use a dedicated load balancer like a Cisco CSS.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card