Nortel Networks WEB OS 212777 User Manual

212777-A, February 2002

Chapter 13: Firewall Load Balancing

Firewall Load Balancing (FWLB) with Alteon Web switches allows multiple active firewalls
to operate in parallel. Parallel operation allows users to maximize firewall productivity, scale
firewall performance without forklift upgrades, and eliminate the firewall as a single point of
failure.

This chapter presents the following material:

- “Firewall Overview” on page 314

  An overview of firewalls and the various FWLB solutions supported by Alteon Web
  switches.

- “Basic FWLB” on page 316

  Explanation and example configuration for FWLB in simple networks, using two parallel
  firewalls and two Web switches. The basic FWLB method combines redirection filters and
  static routing for FWLB.

- “Four-Subnet FWLB” on page 326

  Explanation and example configuration for FWLB in a large-scale, high-availability
  network with redundant firewalls and Web switches. This method combines redirection
  filters, static routing, and Virtual Router Redundancy Protocol (VRRP).

- “Advanced FWLB Concepts” on page 346

  - “Free-Metric FWLB” on page 346. Using other load balancing metrics (besides hash)
    by enabling the Return to Sender (RTS) option.

  - “Adding a Demilitarized Zone (DMZ)” on page 349. Adding a DMZ for servers that
    attach to the Web switch between the Internet and the firewalls.

  - “Firewall Health Checks” on page 351. Methods for fine-tuning the health checks
    performed for FWLB.