Configuring the WSM using Device Manager

About basic FWLB

Basic FWLB lets multiple active firewalls operate in parallel by combining static routes and redirection filters.

The following figure shows a basic FWLB topology.

The firewalls being load balanced are in the middle of the network, requiring a minimum of two WSMs--one on the public side of the network and one on the private side.

A redirection filter on the public-side WSM splits incoming client traffic into multiple streams. Each stream is routed through a different firewall. The valid client traffic in each stream is forwarded to a virtual server on the private-side WSM. The private-side WSM is configured with a server load balancing (SLB) metric to select a real server on the internal network for each incoming request. The same process is used for outbound server responses; a redirection filter on the private-side WSM splits the traffic, and static routes forward each stream through a different firewall and then back to the client.

The distribution of firewall load-balanced traffic within each stream is normally based on a mathematical hash of the IP source and destination addresses. This ensures that each client request and its related responses will use the same firewall (a feature known as persistence) and that the streams will be roughly equal in traffic load.

Although basic firewall load-balancing techniques can support more firewalls as well as multiple WSMs on the private and public sides for redundancy, the configuration complexity increases dramatically. The four-subnet FWLB solution is usually preferred in larger-scale, high-availability topologies. For information about four-subnet firewall load balancing, see the Web OS Switch Software 10.0 Application Guide, part number 212777-A.
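The persistence property described above depends on the hash giving the same result in both directions, so that a stateful firewall sees the request and its response. The following added example (not code from the Web OS documentation) models this; the XOR-fold hash, the contrasting order-dependent hash, the firewall count and all addresses are assumptions made for illustration, since the page does not specify the actual hash function.

```python
import ipaddress
from collections import Counter

N_FIREWALLS = 3                       # assumed number of parallel firewalls
VIP = "10.10.4.100"                   # constructed virtual server address
CLIENTS = [f"198.51.100.{i}" for i in range(1, 201)]  # constructed clients


def _ip(addr):
    return int(ipaddress.IPv4Address(addr))


def symmetric_pick(src, dst, n=N_FIREWALLS):
    """Order-independent hash (assumed): XOR both addresses, fold to one byte."""
    x = _ip(src) ^ _ip(dst)
    folded = (x ^ (x >> 8) ^ (x >> 16) ^ (x >> 24)) & 0xFF
    return folded % n


def asymmetric_pick(src, dst, n=N_FIREWALLS):
    """Order-dependent hash, for contrast: swapping src/dst changes the result."""
    return (2 * _ip(src) + _ip(dst)) % n


def split_paths(pick, clients=CLIENTS, vip=VIP):
    """Clients whose request (client->VIP) and response (VIP->client) would
    cross different firewalls, so the response meets a firewall with no state."""
    return [c for c in clients if pick(c, vip) != pick(vip, c)]


def load_per_firewall(pick, clients=CLIENTS, vip=VIP, n=N_FIREWALLS):
    """Number of client streams each firewall index would carry inbound."""
    counts = Counter(pick(c, vip, n) for c in clients)
    return [counts.get(i, 0) for i in range(n)]


if __name__ == "__main__":
    for name, pick in (("symmetric", symmetric_pick),
                       ("asymmetric", asymmetric_pick)):
        broken = split_paths(pick)
        print(f"{name}: load={load_per_firewall(pick)} "
              f"clients with split paths={len(broken)}")
```

A non-empty split-path list is the condition to check for when validating redirection filters on the two WSMs: those flows would have their return traffic dropped by a stateful firewall that never saw the request.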

