hello!

at first, thank you!

I have a catalyst 4006 with a supervisor engine III.

I have two identical firewalls with fastethernet ports.they have connect with catalyst 4006.

I have apply two different 100M Internet connections.they have connect with two firewalls

users(ABOUT ONE thousand,in different vlans),who connect to catalyst 4006, want to browse information at internet .

I,as a network manager,want that two firewalls work at same time and load balancing.

please tell me whether catalyst 4006 with a supervisor

engine III can fulfill this work or not?

if can,please tell me how fulfill this work.what are prerequisite?

I haven't dealt with this for a while, things are changing all the time, but the principles should be the same. So the answer doesn't really depend on the 4006, but on your firewalls. First of all the firewalls need to maintain state information that is accurate and real time. Lets say a packet goes out fw1 and comes back in fw2, if fw2 doesn't have state info on the packet, it drops it. Therefore, some device need to maintain a table on which session came thru which fw and makes sure that the packet returns thru same fw. This is pretty much what fw load balancers do, like alteon, rad and cisco has one also. Otherwise you pretty much have to have one in active and one in standby. Hope that makes sense.

IOS Supports firewall load balancing, this is part of SLB Feature. State sync is not necessary between firewalls with this technique.

Unfortunately Cat 4006 with SupIII does not support this feature as of now.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121e/121e11/iosslb11.htm#2140518

Hope this helps,

Subba Rao

thank you!!!

thank you!!

I am ready to get CCNP.

please give me some advices.

In china,many people get CCNP certification by reciting examination questions.

I think that it is wrong.I am doing experience and looking through CCNP materials.

thank you

bye

your sincere friend

my email:syzbw@public.cs.hn.cn