Document ID: RDWR-ALOS-V2900_AG1302
Chapter 23 – Firewall Load Balancing
Firewall Load Balancing (FWLB) with Alteon allows multiple active firewalls to operate in parallel.
Parallel operation enables users to maximize firewall productivity, scale firewall performance without
forklift upgrades, and eliminate the firewall as a single point-of-failure.
This chapter discusses the following topics:
• An overview of firewalls and the various FWLB solutions supported by Alteon.
• Explanation and example configuration for FWLB in simple networks, using two parallel firewalls and two Alteons. The basic FWLB method combines redirection filters and static routing for FWLB.
• Explanation and example configuration for FWLB in a large-scale, high-availability network with redundant firewalls and Alteons. This method combines redirection filters, static routing, and Virtual Router Redundancy Protocol (VRRP).
• Advanced FWLB Concepts
  — Using other load-balancing metrics (besides hash) by enabling the transparent load balancing (rtsrcmac) option.
  — Adding a Demilitarized Zone (DMZ): Adding a DMZ for servers that attach to Alteon between the Internet and the firewalls.
  — Firewall Health Checks: Methods for fine-tuning the health checks performed for FWLB.
Firewall Overview
Firewall devices have become indispensable for protecting network resources from unauthorized
access. Without FWLB, firewalls can become critical bottlenecks or single points-of-failure for your
network. As an example, consider the network in Figure 106 - Firewall Configuration with FWLB:
Figure 106: Firewall Configuration with FWLB