Firewall load balancing (FWLB) is deployed for many of the same reasons as the load balancing of application services that is grouped under the term server load balancing. It adds scalability and availability by balancing traffic across firewalls, which prevents any one firewall from passing an inordinate amount of traffic that might slow responses to the client. It provides transparent failover and redundancy during a firewall failure. In addition, you can offload DoS, SYN, and SYN-ACK attacks from the firewalls and protect the network and servers in the event of a firewall outage.
How it works:
You can configure FWLB by deploying one or more ServerIron ADXs on the enterprise (private) side of the firewalls and one or more ServerIron ADXs on the Internet side of the firewalls.
A basic FWLB topology uses two ServerIron ADXs to load balance traffic across Layer 3 firewalls. The firewalls can be synchronous or asynchronous.
As shown in this example, each ServerIron ADX is configured with paths through the firewalls to the other ServerIron ADX. One ServerIron ADX connects to all the firewalls on the private network side. The other ServerIron ADX connects to all the firewalls on the Internet side. The ServerIron ADXs balance firewall traffic flows across the firewalls, and they use these paths as part of the load balancing mechanism to ensure that traffic for a given IP source and IP destination always passes through the same firewall.
Figure 2.2 shows an example of a basic FWLB topology.
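The text above does not say how a source/destination pair is mapped to a firewall path, so this added example (not the ServerIron ADX implementation or code from the original page) assumes a symmetric rendezvous hash to show how both directions of a flow stay on one firewall and how only the failed firewall's flows are re-pathed. The firewall names and IP addresses are constructed sample data.

```python
import hashlib
import ipaddress

# Constructed sample data: firewall names and flows are hypothetical.
FIREWALLS = ["fw1", "fw2", "fw3"]
FLOWS = [("10.0.0.%d" % i, "192.0.2.%d" % (i % 7 + 1)) for i in range(1, 41)]


def flow_key(src, dst):
    """Order-independent key: A->B and B->A must reach the same firewall,
    otherwise a stateful firewall sees return traffic it has no state for."""
    a, b = sorted(int(ipaddress.ip_address(x)) for x in (src, dst))
    return b"%d-%d" % (a, b)


def select_firewall(src, dst, healthy):
    """Rendezvous hashing (assumed scheme): score each healthy firewall
    for this flow and pick the highest score."""
    if not healthy:
        raise RuntimeError("no healthy firewall path available")
    key = flow_key(src, dst)
    return max(healthy,
               key=lambda fw: hashlib.sha256(key + b"|" + fw.encode()).digest())


def moved_flows(flows, firewalls, failed):
    """Return {flow: (old_fw, new_fw)} for flows re-pathed when `failed` is lost."""
    survivors = [fw for fw in firewalls if fw != failed]
    moved = {}
    for src, dst in flows:
        old = select_firewall(src, dst, firewalls)
        new = select_firewall(src, dst, survivors)
        if old != new:
            moved[(src, dst)] = (old, new)
    return moved


if __name__ == "__main__":
    for src, dst in FLOWS[:5]:
        print(src, "<->", dst, "via", select_firewall(src, dst, FIREWALLS))
    moved = moved_flows(FLOWS, FIREWALLS, "fw2")
    print(len(moved), "of", len(FLOWS), "flows re-pathed after fw2 failure")
```

Flows that were already on a surviving firewall keep their path, so existing firewall session state for them remains valid after the failure.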
In the HA topology in Figure 2.3, both ServerIron ADXs actively load balance traffic to the firewalls. If one of the ServerIron ADXs becomes unavailable, the other ServerIron ADX automatically takes over load balancing for the sessions that were on the unavailable ServerIron ADX. Active-Active operation provides redundancy in case a ServerIron ADX becomes unavailable, while enhancing performance by using both ServerIron ADXs to process and forward traffic.