Would he run into any problems with persistence?

For example, a packet enters firewall #1, and gets routed out firewall two?  I
could see some potential problems with asymmetric routing occurring.

I know with Checkpoint you can sync the state tables, which takes at a
minimum of around 50-100 ms.  Often the latency behind the firewalls is far
less than this, and can lead to problems.

One approach is to use something like BigIp's fireguard or Radware etc,
place a load balancer on both sides of the firewall.

If you want to move away from PIX, there are several other options. Nokia
allows you to load balance, as well as a few products for
Checkpoint...Stonebeat, Rainwall etc.

Clayton Price


"Groupstudy" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> You would be far better off manipulating the routes (routing protocol) in
> your network with the routers on the inside of the PIX, and then just
> letting the traffic flow through the PIX as usual.  You will find this
> solution much easier to implement and far more forgiving on your pocketbook!
> Of course if you're using RIP this is not an option.
>
>
> ----- Original Message -----
> From: Rossetti, Stan <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, March 07, 2001 8:01 AM
> Subject: Load Balancing Across Multiple PIX
>
>
> > Hello Everyone,
> >
> > Does anybody know if it is possible to load balance across multiple PIX
> > firewalls?  I have looked at numerous Cisco web pages, but never any mention
> > of load balancing.  I have talked to a sales engineer and he has said that
> > to get 1GB of throughput from a PIX firewall, you need to install 3 PIX
> > firewalls and do load balancing across them.  The max throughput from one
> > PIX is 370MBps.  Of course, I can't get the sales engineer to return my call
> > now.  Does anyone know if this is true?  Do you have to have 3 PIX to do load
> > balancing?  I would like to just do load balancing across 2 PIX firewalls.
> > Is this possible?
> >
> > Thanks in advance.
> >
> >
> >
> >
> > Thanks
> >
> > Stan Rossetti
> >
> >
> > NASA - PriSMS
> > Advanced Technology Group
> > Voice:  (256) 544-5031
> > Email:  [EMAIL PROTECTED]
> > Beeper:  544-1183 pin 0112
> >
> > CCDA, CCNA, CCSE
> >
> > _________________________________
> > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
>

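An added illustration of the persistence concern raised in the reply at the top of this thread (not part of the original messages): a small Python model of two stateful firewalls where a reply can arrive before the state table has synced to the peer. The flow addresses, the 5 ms reply time and both balancing functions are assumptions constructed for the example; the 50 ms sync delay is the lower figure quoted in the reply.

```python
import hashlib

SYNC_DELAY_MS = 50   # lower bound quoted in the thread for state-table sync
N_FIREWALLS = 2


def _bucket(key):
    """Map a string key to a firewall index with a stable hash."""
    digest = hashlib.sha256(key.encode()).digest()
    return int.from_bytes(digest[:4], "big") % N_FIREWALLS


def directional_pick(src, dst):
    """Each side hashes the packet as it sees it, so direction changes the path."""
    return _bucket(f"{src}>{dst}")


def symmetric_pick(src, dst):
    """Order the endpoints first so both directions land on the same firewall,
    which is what balancers placed on both sides of the firewalls must agree on."""
    a, b = sorted((src, dst))
    return _bucket(f"{a}>{b}")


def dropped_replies(flows, pick, reply_after_ms):
    """Count replies that reach a firewall holding no state for the flow yet."""
    dropped = 0
    for client, server in flows:
        out_fw = pick(client, server)             # outbound packet creates state at t=0
        ready_at = [SYNC_DELAY_MS] * N_FIREWALLS  # the peer learns it only after sync
        ready_at[out_fw] = 0
        back_fw = pick(server, client)            # reply path is chosen separately
        if reply_after_ms < ready_at[back_fw]:
            dropped += 1
    return dropped


# Constructed sample flows: 200 hypothetical clients talking to one server.
FLOWS = [(f"10.0.0.{i}:{40000 + i}", "192.0.2.10:443") for i in range(1, 201)]

if __name__ == "__main__":
    for name, pick in (("directional", directional_pick),
                       ("symmetric", symmetric_pick)):
        n = dropped_replies(FLOWS, pick, reply_after_ms=5)
        print(f"{name}: {n} of {len(FLOWS)} replies dropped")
```

With a reply time at or above the sync delay the directional policy stops dropping, which is why the problem only shows up when latency behind the firewalls is lower than the sync interval.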