Summary


Firewall load balancing is a very exciting part of content networking and one that allows network administrators to scale the firewall layer of the network. As technology evolves, firewalls are becoming an integral part of almost all organizations, as security is high on everyone's agenda. The traditional bottlenecks associated with firewalls are slowly being removed either by using firewall load balancing or as manufacturers produce ASIC-based high-speed firewalls. Regardless of how these firewalls evolve, we will most certainly still have a requirement to create a truly resilient, high-speed design that will require load balancing of some sort, be it external to the device or integrated within the device itself. Understanding how to configure this as well as the traffic flow will certainly assist in designing and troubleshooting these networks in the future.

Case Study: Firewall and VPN Load Balancing

With network access increasing and the need to provide a truly global operation, Foocorp, Inc. has decided to increase security as well as access speeds by deploying firewall load balancing.

This will give Foocorp the following advantages:

  • Increase network and site performance

  • Maximize the value of capital expenditure by utilizing expensive redundant hardware

  • Allow for policy-based firewall load balancing, ensuring that departments can contribute to the costs of deploying redundant security or not

  • Increase resilience and availability for remote workers

Deploying Firewall and VPN Load Balancing

Firewall and VPN load balancing can be a complex configuration and often relies on planning the deployment prior to installation. While complex, it is a logical operation, and it is important that the following steps are covered:

  1. Understand what type of firewall is being used (proxy, Layer 2, or Layer 3) as this helps with understanding the packet flow.

  2. Find out if NAT is required on the firewall.

  3. Based on available IP address subnets, decide which type of topology will be used.

  4. Check network speeds and duplex types with the security administrator and ensure that you configure the firewalls and content switches accordingly.

  5. Make sure the firewalls have routes to the internal networks.

  6. Add a policy on the firewall that allows the health checks through.

  7. Ensure that the traffic flows through the correct firewall for both inbound and outbound sessions.

  8. Test the setup by failing the content switches and firewalls, ensuring that connectivity is maintained.
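Steps 7 and 8 can be checked on paper before touching hardware. The following added example (not from the book) assumes the content switches pick a firewall by hashing the flow's addresses; the firewall names, addresses, and the rendezvous-hash scheme are assumptions chosen for illustration. It compares a direction-independent hash with a source-only hash and shows which flows move when one firewall fails.

```python
import hashlib
import ipaddress

# Constructed sample data: firewall names are hypothetical.
FIREWALLS = ["fw1", "fw2", "fw3"]

def flow_key(src_ip, dst_ip):
    """Direction-independent key: sort the endpoints so A->B and B->A match."""
    a, b = sorted(int(ipaddress.ip_address(ip)) for ip in (src_ip, dst_ip))
    return f"{a}-{b}".encode()

def pick_firewall(src_ip, dst_ip, healthy):
    """Rendezvous (highest-random-weight) hash over healthy firewalls only."""
    if not healthy:
        # Assumption: with no healthy firewall, refuse to forward (fail closed).
        raise RuntimeError("no healthy firewall available")
    key = flow_key(src_ip, dst_ip)
    return max(sorted(healthy),
               key=lambda fw: hashlib.sha256(key + fw.encode()).digest())

def naive_pick(src_ip, healthy):
    """Source-only hash: each direction of a session hashes a different IP."""
    digest = hashlib.sha256(src_ip.encode()).digest()
    return sorted(healthy)[digest[0] % len(healthy)]

def check_symmetry(flows, healthy):
    """Step 7: flows whose inbound and outbound paths use different firewalls."""
    return [(s, d) for s, d in flows
            if pick_firewall(s, d, healthy) != pick_firewall(d, s, healthy)]

def naive_asymmetric(flows, healthy):
    """Same check for the source-only hash, to expose the failure mode."""
    return [(s, d) for s, d in flows
            if naive_pick(s, healthy) != naive_pick(d, healthy)]

def moved_on_failure(flows, healthy, failed):
    """Step 8: flows that change firewall when `failed` drops out."""
    after = [fw for fw in healthy if fw != failed]
    return [(s, d) for s, d in flows
            if pick_firewall(s, d, healthy) != pick_firewall(s, d, after)]

if __name__ == "__main__":
    # Constructed flows: 64 documentation-range clients to one internal server.
    flows = [(f"198.51.100.{i}", "10.0.0.10") for i in range(1, 65)]
    print("asymmetric (symmetric hash):", len(check_symmetry(flows, FIREWALLS)))
    print("asymmetric (source-only):   ", len(naive_asymmetric(flows, FIREWALLS)))
    print("moved when fw2 fails:       ", len(moved_on_failure(flows, FIREWALLS, "fw2")))
```

Only the sessions that were on the failed firewall are re-pinned; every other session keeps its path, which is the behaviour to confirm during the failover test.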

We can see how this has been achieved by Foocorp in Figure 9-19.

Figure 9-19. Foocorp, Inc. using WCR.


By deploying firewall load balancing, Foocorp has been able to achieve the following:

  • Increase network and site performance

  • Dedicate certain firewalls for certain applications and departments

  • Provide a scalable security solution

  • Provide rapid fail-over in the event of a network failure

Firewall load balancing is a very cost-effective solution for maximizing all available firewalls regardless of manufacturer.

Foocorp has now deployed a comprehensive security network that allows for a very scalable, flexible, and resilient network. Any future additions or applications can be seamlessly accommodated.



Optimizing Network Performance with Content Switching: Server, Firewall and Cache Load Balancing
ISBN: 0131014684
Year: 2003
Pages: 85
