Be careful how you load balance. Unlike the Check Point's stateful setup, Pix does not maintain state on both boxes, when running as parallel devices. Also- the purchase agreement and software are for primary and failover units. There is a sizable discount applied to the failover Pix. The state issue means some sort of hash must be passed between the load balancers sandwiching the Pix's. This hash ensures sourced traffic returns to the same firewall that the session created state in.
Make sense ??? Phil ----- Original Message ----- From: "nrf" To: Sent: Monday, November 19, 2001 9:45 PM Subject: Re: Is Pix failover can be Load balancer ? [7:26673] > You need to get yourself some real load-balancers (i.e. CSS, F5 BigIP, > Foundry ServerIron, Alteon Acedirector, etc.) and make yourself a "firewall > sandwich". Mmmm, tasty. > > > > > > > ""Sivarajan Thiruvadi"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hi Pals > > > > I wish to know wheather 2 cisco pix firewalls can be configured for > > redundancy > > as well as Load balancing. > > > > In general failover means in case of active PIX fails the stand by one > will > > come into line. > > But my customer wants FWLB (Fire wall load balancing). > > If any one has idea on this please help me. > > > > Thanks and regards > > Siva Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=26792&t=26673 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
