RE: [FW1] FW HA and load balancing

Fri, 06 Jul 2001 03:03:32 -0700 


Thomas,

For firewall HA with load balancing, you can't use an active/standby
solution like Check Point's own HA module to do the failover.  Instead,
you use an active/active design and a 3rd-party HA/LB solution to do the
failover and distribution of traffic between FWs.  This can be done
either with LB switches as you've shown in your diagram, or with an
OPSEC-certified software solution like RainWall.  With a software
solution like RainWall, you install the HA/LB software on the firewalls
themselves, and load balancing occurs automatically.  With LB switches,
you typically define the firewalls as a virtual server group in each
switch and then choose a LB method and apply it to the group.
Configuration methods and options differ according to the HA/LB vendor
you've chosen.  If you've already purchased your switches, contact the
manufacturer and ask for sample configurations specific to FW-1 LB.

HTH,

Mark L. Decker
Rainfinity - High Availability for E-Business
408-382-4870
[EMAIL PROTECTED]
www.rainfinity.com

-----Original Message-----
From: Thomas Leong

I know this might have been ask million of times on this mailing list,
but
I am still confuse. We are currently looking into this solution of
having
load balancing into 2 FWs and at the same time, HA or clustering on the
FWs. How do you achieve both at the same time? From what I have read, HA
or clustering or SEP are all using fail-over machanism (primary-active
and
secondary-standby). If I am right, how does load balance device can load
balance to the 2 FWs, if only 1 FW is active at 1 time?

External Network---Router---LB Switch----FwA----LB Switch----Internal
Network
                                             |     |Sync    |
                                           ---------FwB--------

FwA and FwB is in HA/Clustering mode with state synchronization.
LB switch load balanced the traffic to FwA and FwB.

Any clarification and suggestion will be greatly appreciated.



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to