
Firewall Load Balancing

Network appliances such as firewalls and VPN termination devices perform important enforcement and privacy functions to protect IT infrastructure from unauthorized and malicious usage. But as network performance has increased with the ubiquitous deployment of Gigabit and now 10 Gigabit Ethernet technologies, these devices have become bottlenecks, slowing network performance and degrading user experience. Multiple security appliances must be deployed to alleviate the performance degradation, and traffic must be managed across all appliances.

Foundry's Firewall Load Balancing solution on ServerIron switches provides load balancing across security devices for intelligent traffic distribution. Firewall load balancing ensures that you can build networks that are not only secure, but also scale with exploding Internet traffic. Foundry's ServerIron™ family of Web switches provides high-performance firewall load balancing with the following features:

  • End-to-end path health checks to monitor the firewall health
  • Load balancing for Layer 2 or Layer 3 firewalls
  • Support for static and dynamic routing environments
  • Multi-zone™ firewall load balancing to enable deployment of DMZs common in Web server farm deployments
  • Ability to group and allocate firewalls for different application types
  • Built-in Secure Shell interface, Cisco-syntax compatible Access Control Lists (ACLs) and extended ACLs
  • Stateful and stateless load balancing of traffic
  • Load balance up to 16,000,000 concurrent sessions
  • Robust support for up to 32 firewall/VPN devices providing unmatched scalability for the most demanding networks
  • Certified to load balance Check Point™ VPN-1/FireWall-1® Gateway products

Foundry also offers enhanced FWLB with Active-Square™, a unique application that provides the utmost in high availability. Session information is synchronized between ServerIron switch pairs, which allows either switch to process traffic and take over responsibility for client sessions in the event that one fails. When used in conjunction with firewall synchronization, this feature ensures that client/server transactions are completed.