Re: [f-nsp] (no subject)

Wed, 29 Apr 2009 00:37:05 -0700

FWLB relies heavily on FW-paths... I have never seen this working with ServerIrons at one side only - I personally would not go for this. I would go for LLB...

This would imply you are going to do NAT twice... you do need two transfer subnets in between the ServerIron (standalone) and the FWs. One subnet for each FW. The ServerIron needs a physical IP per subnet and it needs a NAT IP per subnet. Configure LLB similar to the config example in the documentation BUT use the FWs as upstream routers instead of the ISP facing routers. The FWs need to do NAT again towards the ISP(s). I would go for health check checking something in front of the FWs - this helps to verify that the FW is up and running and the device in front of the FW...

Should be straight forward...

R, Oliver


At 21:57 28.04.2009, John McCabe [Ext. 363] wrote:
Content-Language: en-US
Content-Type: multipart/alternative;
         boundary="_000_771397A62D34774DB13A1AE1E5A33C352477A16974exch2007Ridea_"

I know what I would like, I know the diff between link load balance as FWLB.
I want to balance all traffic going out of our network, i want to balance this over out 2  10 meg links.
 
Each link has its own firewall so i would like to link load balance, but before the firewall, this may be the best way to do it,
 has anyone tried?
I have multiple LB units I just don’t want to set up the whole meshed system in the FWLB scenario. Seems overkill from where I am standing.
 
 
 
 
john

RIDEAU CONFIDENTIALITY NOTICE
This communication may contain privileged or confidential information. If you are not the intended recipient or received this communication by error, please notify the sender by reply email and delete the message without copying or disclosing it.

AVIS DE CONFIDENTIALITÉ DE RIDEAU
Ce message peut contenir de l'information légalement privilégiée ou confidentielle. Si vous n'êtes pas le destinataire ou croyez avoir reçu ce message par erreur, nous vous saurions gré d'en aviser l'émetteur par courriel et d'en détruire le contenu sans le communiquer à d'autres ou le reproduire.

AVISO DE CONFIDENCIALIDAD DE RIDEAU
Este mensaje puede contener información privilegiada o confidencial. Si usted no es la persona a quien estaba dirigido el mensaje o si recibió este mensaje por error, notifique a quien se lo envió por correo electrónico y elimine el mensaje sin copiarlo o divulgarlo.
_______________________________________________
foundry-nsp mailing list
[email protected]
http://puck.nether.net/mailman/listinfo/foundry-nsp

_______________________________________________
foundry-nsp mailing list
[email protected]
http://puck.nether.net/mailman/listinfo/foundry-nsp

Reply via email to