Firewall load balancing – Cabletron Systems SmartSwitch User Manual

Page 218

Chapter 13: IP Policy-Based Forwarding Configuration Guide

SmartSwitch Router User Reference Manual

The following is the IP policy configuration for the Policy Router in Figure 21:

interface create ip mls0 address-netmask 10.50.1.1/16 port et.1.1

acl contractors permit ip 10.50.1.0/24 any any any 0
acl full-timers permit ip 10.50.2.0/24 any any any 0

ip-policy access permit acl contractors next-hop-list 11.1.1.1 action policy-only
ip-policy access permit acl full-timers next-hop-list 12.1.1.1 action policy-first
ip-policy access apply interface mls0

Firewall Load Balancing

The next hop gateway can be selected by the following information in the IP packet: source IP, destination IP, or both the source and destination IP. Figure 22 illustrates this configuration.

One session should always go to a particular firewall for persistence.

Figure 22. Selecting Next Hop Gateway from IP Packet Information

[Figure 22 diagram. Labels: Intranet, Internet, Policy Router 1, Policy Router 2, Firewalls 1 to 4; interfaces mls1 and mls2; ports et.1.1 to et.1.4 (shown twice); addresses 1.1.1.1 to 1.1.1.5 and 2.2.2.1 to 2.2.2.5.]
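The persistence requirement above, worked through as an added example (not from the manual, and not the router's own algorithm): it goes one step beyond the text by checking that the reply, forwarded by Policy Router 2, reaches the same firewall as the request forwarded by Policy Router 1. Assumptions: firewall i is reached at 1.1.1.i and 2.2.2.i, the hash is illustrative, and the client and server addresses are constructed.

```python
import hashlib
import ipaddress

# Next-hop addresses as labelled in Figure 22. Assumption: firewall i is
# reached at 1.1.1.i from Policy Router 1 and at 2.2.2.i from Policy Router 2.
ROUTER1_HOPS = ["1.1.1.1", "1.1.1.2", "1.1.1.3", "1.1.1.4"]
ROUTER2_HOPS = ["2.2.2.1", "2.2.2.2", "2.2.2.3", "2.2.2.4"]


def firewall_index(src, dst, mode, count=4):
    """Pick a firewall from the packet's source IP, destination IP, or both."""
    s = int(ipaddress.ip_address(src))
    d = int(ipaddress.ip_address(dst))
    if mode == "src":
        key = (s,)
    elif mode == "dst":
        key = (d,)
    elif mode == "both":
        key = tuple(sorted((s, d)))  # order-free, so both directions agree
    else:
        raise ValueError(f"unknown mode: {mode}")
    # Illustrative hash (assumption), not the router's documented algorithm.
    digest = hashlib.sha256(repr(key).encode()).digest()
    return int.from_bytes(digest[:4], "big") % count


def session_path(client, server, r1_mode, r2_mode):
    """Return (request hop chosen by Router 1, reply hop chosen by Router 2)."""
    out = ROUTER1_HOPS[firewall_index(client, server, r1_mode)]
    # The reply carries the addresses swapped: source is the server.
    back = ROUTER2_HOPS[firewall_index(server, client, r2_mode)]
    return out, back


def is_persistent(client, server, r1_mode, r2_mode):
    """True when request and reply traverse the same firewall."""
    out, back = session_path(client, server, r1_mode, r2_mode)
    return ROUTER1_HOPS.index(out) == ROUTER2_HOPS.index(back)


def broken_sessions(r1_mode, r2_mode):
    """Count constructed intranet clients whose replies miss their firewall."""
    server = "198.51.100.10"  # constructed Internet host (documentation range)
    clients = [f"10.50.1.{i}" for i in range(1, 65)]  # constructed clients
    return sum(not is_persistent(c, server, r1_mode, r2_mode) for c in clients)


if __name__ == "__main__":
    for modes in [("src", "dst"), ("dst", "src"), ("both", "both"), ("src", "src")]:
        print(modes, "broken sessions:", broken_sessions(*modes))
```

The two routers must key on mirrored fields (source on one side, destination on the other) or both on the address pair; keying on the same single field on both sides sends replies to a firewall that never saw the request.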