Manualshelf

User guide

ManualsBrandsCheck Point Software Technologies ManualsNetworkingSafe@Office 1000NW
201202203204205206207208209210
Configuring WAN Load Balancing
192 Check Point Safe@Office User Guide
Configuring WAN Load Balancing
If your network is prone to congestion, for example in large offices which include multiple
active clients and/or servers, you can increase the amount of available bandwidth by
configuring WAN load balancing. By default, the Safe@Office appliance routes all traffic
to the primary Internet connection, and the secondary Internet connection is used only
when the primary connection is down, or when a routing rule specifically states that traffic
should be sent through the secondary connection. WAN load balancing automatically
distributes traffic between the primary and secondary connections, allowing you to use
both connections in parallel.
When one IP address sends packets to another IP address, the Safe@Office appliance
examines each Internet connection's recent bandwidth utilization in kilobits per second to
determine its load. The Safe@Office appliance then enters the source-destination pair in a
load balancing table and specifies the least-loaded Internet connection as the connection to
use for traffic between this pair. To prevent disruption of stateful protocols, the
Safe@Office appliance will route all traffic between this pair to the specified Internet
connection, so long as the pair remains in the load balancing table.
Note: By default, load balancing is performed when the amount of bandwidth
utilization exceeds a threshold of 64 kilobits per second. You can change this
threshold via the CLI. For information, refer to the Embedded NGX CLI Guide.
Note: By default, a source-destination pair is removed from the load balancing table
after 1 hour of inactivity. You can change the default value via the CLI. For
information, refer to the Embedded NGX CLI Guide.
Note: In order for WAN load balancing to be effective, there must be more than one
active source-destination pair.
By default, the load distribution between Internet connections is symmetric; however, you
can configure non-symmetric load balancing by assigning a different load balancing
weight to each Internet connection. For example, if you assign the primary connection a
weight of 100, and you assign the secondary connection a weight of 50, the Safe@Office
appliance will only route traffic to the secondary connection if the primary connection's
current load is more than twice the secondary connection's current load. Therefore, to