Chapter8.Firewall Load Balancing
|
|
Chapter 8. Firewall Load BalancingRefer to the following sections for information about these topics:
In environments where network connectivity and security are vital, firewall availability becomes important. You can use the firewall failover feature to implement two firewalls as a failover pair. This increases the firewall availability, with the goal of having one of the two always up and operating correctly. Chapter 7, "Increasing Firewall Availability with Failover," covers firewall failover in greater detail. However, firewall failover doesn't address distributing the traffic inspection load across the firewall platforms. Beginning with PIX 7.x, you can configure multiple contexts on each of the firewalls in a failover pair such that the contexts are distributed between them. This can divide the total inspection load between the two firewalls, but it is a manual configuration process that is not dynamic in nature. Even so, only two identical firewalls can be used together. This chapter discusses the mechanisms you can use to distribute the traffic inspection load across any number of independent firewall platforms. The group of firewalls is organized into a logical firewall farm. Firewall load balancing is performed by external devices so that it is transparent to the firewalls themselves. As well, the firewalls can be a mixture of platforms offering different levels of performance. |
|
|
EAN: 2147483647
Pages: 120