Catalyst 6500 Series Content Switching Module Configuration Note
OL-4612-01
CHAPTER 11
Configuring Firewall Load Balancing
This chapter describes how to configure firewall load balancing and contains these sections:
• Understanding How Firewalls Work
• Configuring Stealth Firewall Load Balancing
• Configuring Regular Firewall Load Balancing
• Configuring Reverse-Sticky for Firewalls
• Configuring Stateful Firewall Connection Remapping
Firewall load balancing allows you to scale firewall protection by distributing traffic across multiple
firewalls on a per-connection basis. All packets belonging to a particular connection must go through the
same firewall. The firewall then allows or denies transmission of individual packets across its interfaces.
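The per-connection requirement above, as an added example (not Cisco's code and not the CSM's actual distribution algorithm): a toy stateful firewall model fed constructed packets, comparing per-packet round-robin with a direction-independent flow hash. The names `StatefulFirewall`, `flow_key`, `pick_by_hash`, and `run` are hypothetical.

```python
import hashlib
from itertools import cycle

# Constructed sample traffic: (src_ip, src_port, dst_ip, dst_port, proto, tcp_flag)
PACKETS = [
    ("198.51.100.7", 40000, "10.0.0.5", 443, "tcp", "SYN"),
    ("10.0.0.5", 443, "198.51.100.7", 40000, "tcp", "SYN-ACK"),
    ("198.51.100.7", 40000, "10.0.0.5", 443, "tcp", "ACK"),
    ("203.0.113.9", 51000, "10.0.0.6", 80, "tcp", "SYN"),
    ("10.0.0.6", 80, "203.0.113.9", 51000, "tcp", "SYN-ACK"),
    ("203.0.113.9", 51000, "10.0.0.6", 80, "tcp", "ACK"),
]

def flow_key(pkt):
    """Direction-independent connection key: sort the two endpoints."""
    src, sport, dst, dport, proto, _ = pkt
    a, b = sorted([(src, sport), (dst, dport)])
    return (proto, a, b)

class StatefulFirewall:
    """Toy model: a SYN creates state; any other packet needs existing state."""
    def __init__(self):
        self.state = set()
    def handle(self, pkt):
        key = flow_key(pkt)
        if pkt[5] == "SYN":
            self.state.add(key)
            return True
        return key in self.state

def pick_by_hash(pkt, n):
    # Assumption for illustration: hash the symmetric flow key, modulo firewall count.
    digest = hashlib.sha256(repr(flow_key(pkt)).encode()).digest()
    return int.from_bytes(digest[:4], "big") % n

def run(packets, n_firewalls, per_connection):
    """Return (passed, dropped, {flow_key: set of firewall indexes used})."""
    fws = [StatefulFirewall() for _ in range(n_firewalls)]
    rr = cycle(range(n_firewalls))
    passed = dropped = 0
    used = {}
    for pkt in packets:
        idx = pick_by_hash(pkt, n_firewalls) if per_connection else next(rr)
        used.setdefault(flow_key(pkt), set()).add(idx)
        ok = fws[idx].handle(pkt)
        passed += ok
        dropped += not ok
    return passed, dropped, used
```

With two firewalls, per-packet round-robin sends each SYN-ACK to a firewall that never saw the SYN, so it is dropped; the flow hash keeps both directions of a connection on one firewall.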
Understanding How Firewalls Work
A firewall forms a physical barrier between two parts of a network, for example, the Internet and an
intranet. When a firewall accepts a packet from one side (the Internet), it sends the packet through to the
other side (the intranet). A firewall can modify a packet before passing it through or send it through
unaltered. When a firewall rejects a packet, it usually drops the packet and logs the dropped packet as
an event.
After a session is established and a flow of packets begins, a firewall can monitor each packet in the flow
or allow the flow to continue, unmonitored, depending on the policies that are configured on that
firewall.
This section contains the following:
• Firewalls Types
• How the CSM Distributes Traffic to Firewalls
• Supported Firewalls
• Layer 3 Load Balancing to Firewalls
• Types of Firewall Configurations
• IP Reverse-Sticky for Firewalls
• CSM Firewall Configurations
• Fault-Tolerant CSM Firewall Configurations