
Firewall Load Balancing 101 with ServerIron

by pmorrissey on ‎06-09-2009 10:10 PM - edited on ‎10-30-2013 05:40 PM by bcm1 (664 Views)

Firewall Load Balancing with ServerIron



Feature Brief Intro


Firewall load balancing (FWLB) is deployed for many of the same reasons as load balancing of application services, which is grouped under the term server load balancing. It provides scalability and availability by balancing traffic across the firewalls, which prevents one firewall from passing an inordinate amount of traffic that might slow the response to the client. It provides transparent failover and redundancy during a firewall failure. In addition, you can offload and secure the firewalls from DoS, SYN, and SYN-ACK attacks, and protect the network and servers in the event of a firewall outage.


How it works:


You can configure FWLB by deploying one or more ServerIron ADXs on the enterprise (private) side of the firewalls and one or more ServerIron ADXs on the Internet side of the firewalls.


A basic FWLB topology uses two ServerIron ADXs to load balance traffic across Layer 3 firewalls. The firewalls can be synchronous or asynchronous.


As shown in this example, each ServerIron ADX is configured with paths through the firewalls to the other ServerIron ADX. One ServerIron ADX connects to all the firewalls on the private network side. The other ServerIron ADX connects to all the firewalls on the Internet side. The ServerIron ADXs balance firewall traffic flows across the firewalls. They use these paths as part of the load balancing mechanism to ensure that traffic for a given IP source and IP destination always passes through the same firewall.


Figure 2.2 shows an example of a basic FWLB topology.
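The path-selection property described above, as an added example that is not from the original article and is not ServerIron's own algorithm: two load balancers that decide independently still send both directions of a source/destination pair through the same firewall, and a firewall failure re-paths only the flows that were on it. The rendezvous-hash scheme, the firewall names and the sample addresses are all assumptions made for illustration.

```python
import hashlib
import ipaddress

FIREWALLS = ["FW-1", "FW-2", "FW-3"]  # hypothetical firewall path names


def flow_key(src_ip, dst_ip):
    # Order the address pair so client->server and server->client
    # produce the same key on either side of the firewalls.
    a = ipaddress.ip_address(src_ip).packed
    b = ipaddress.ip_address(dst_ip).packed
    return min(a, b) + max(a, b)


def select_firewall(src_ip, dst_ip, healthy=FIREWALLS):
    # Rendezvous hashing (assumed scheme): score each healthy firewall for
    # this flow and pick the highest score. Removing a firewall changes the
    # result only for flows whose top score was that firewall.
    if not healthy:
        raise RuntimeError("no healthy firewall path")
    key = flow_key(src_ip, dst_ip)
    return max(healthy,
               key=lambda fw: hashlib.sha256(key + fw.encode()).digest())


# Constructed sample flows: Internet clients to one private-side server.
FLOWS = [(f"198.51.100.{i}", "10.0.0.10") for i in range(1, 201)]


def failover_moves(failed):
    # Flows whose firewall changes when `failed` is taken out of service.
    survivors = [fw for fw in FIREWALLS if fw != failed]
    return [f for f in FLOWS
            if select_firewall(*f) != select_firewall(*f, healthy=survivors)]


if __name__ == "__main__":
    for src, dst in FLOWS[:5]:
        print(src, "->", dst, "via", select_firewall(src, dst),
              "| return via", select_firewall(dst, src))
    moved = failover_moves("FW-2")
    print(len(moved), "of", len(FLOWS), "flows re-pathed after FW-2 fails")
```

With stateful firewalls this symmetry is what keeps return traffic on the firewall that holds the session state; flows that do move on failover arrive at a firewall with no state for them unless the firewalls synchronize sessions.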







In an HA topology in 2.3, both ServerIron ADXs actively load balance traffic to the firewalls. If one of the ServerIron ADXs becomes unavailable, the other ServerIron ADX automatically takes over load balancing for the sessions that were on the unavailable ServerIron ADX. Active-Active operation provides redundancy in case a ServerIron ADX becomes unavailable, while enhancing performance by using both ServerIron ADXs to process and forward traffic.