Network Router User Manual

212777-A, February 2002
CHAPTER 13
Firewall Load Balancing
Firewall Load Balancing (FWLB) with Alteon Web switches allows multiple active firewalls
to operate in parallel. Parallel operation allows users to maximize firewall productivity, scale
firewall performance without forklift upgrades, and eliminate the firewall as a single point-of-failure.
This chapter presents the following material:
- Firewall Overview
  An overview of firewalls and the various FWLB solutions supported by Alteon Web switches.
- Basic FWLB
  Explanation and example configuration for FWLB in simple networks, using two parallel firewalls and two Web switches. The basic FWLB method combines redirection filters and static routing for FWLB.
- Four-Subnet FWLB
  Explanation and example configuration for FWLB in a large-scale, high-availability network with redundant firewalls and Web switches. This method combines redirection filters, static routing, and Virtual Router Redundancy Protocol (VRRP).
- Advanced FWLB Concepts
  - Free-Metric FWLB. Using other load balancing metrics (besides hash) by enabling the Return to Sender (RTS) option.
  - Adding a Demilitarized Zone (DMZ). Adding a DMZ for servers that attach to the Web switch between the Internet and the firewalls.
  - Firewall Health Checks. Methods for fine-tuning the health checks performed for FWLB.