RE: [FW1] load balancing and state tables

Cedric is quite correct that, when using synchronization, all connections will appear in the state table of all firewalls, regardless of which firewall is actually processing the connection. Normally, this is not a problem, although each connection does consume a small amount of memory.

Cedric wrote:

> If you don't synchronize them, you have to be sure each packet
> of a single session goes thru the same firewall. This is done
> mostly by hardware load balancers like RadWARE Fireproof.

It is also possible to do this without a hardware load balancer. For example, RainWall can be configured to enforce symmetric routing of traffic among a cluster of firewalls. This will work fine even with sync turned off, and reduces the size of the connection-table. However, the downside is that fail-over is not transparent, as Cedric described. For this reason, we generally recommend that our customers enable FW-1 sync to get the most seamless recovery in the event of failures.

Mark L. Decker
Rainfinity
[email protected]
www.rainfinity.com

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
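
A toy model of the trade-off discussed in this message, added here as an illustration; it is not part of the original post and is not FW-1, RainWall or Fireproof code. The `Cluster` class, the rendezvous-hash member selection and the sample addresses are assumptions constructed for the example; it compares state-table size and failover behaviour with and without sync when routing is symmetric.

```python
import hashlib

def flow_key(src, sport, dst, dport):
    # Sort endpoints so both directions of a session map to one key.
    return tuple(sorted([(src, sport), (dst, dport)]))

def pick_member(key, members):
    # Rendezvous hashing (assumed for this model): each flow goes to the live
    # member with the highest hash, so only a dead member's flows move.
    return max(members, key=lambda m: hashlib.sha256(f"{m}|{key}".encode()).digest())

class Cluster:
    def __init__(self, names, sync):
        self.live, self.sync = list(names), sync
        self.tables = {n: set() for n in names}  # per-firewall state table

    def open(self, *conn):
        key = flow_key(*conn)
        owner = pick_member(key, self.live)
        # With sync, every member records the connection; without, only the owner.
        for n in (self.live if self.sync else [owner]):
            self.tables[n].add(key)
        return owner

    def packet(self, *conn):
        # Returns (member that receives the packet, whether it has state for it).
        key = flow_key(*conn)
        member = pick_member(key, self.live)
        return member, key in self.tables[member]

    def fail(self, name):
        self.live.remove(name)
        del self.tables[name]

def simulate(sync, n=300):
    c = Cluster(["fw1", "fw2", "fw3"], sync)
    # Constructed sample connections: clients to one web server.
    conns = [(f"10.0.0.{i % 250 + 1}", 1024 + i, "192.0.2.10", 80) for i in range(n)]
    owners = [c.open(*x) for x in conns]
    # Reply packets (endpoints swapped) must reach the owner and find state.
    symmetric = all(c.packet(d, dp, s, sp) == (o, True)
                    for (s, sp, d, dp), o in zip(conns, owners))
    largest = max(len(t) for t in c.tables.values())
    c.fail("fw1")
    survived = sum(c.packet(*x)[1] for x in conns)
    return symmetric, largest, survived, owners.count("fw1")

if __name__ == "__main__":
    for sync in (True, False):
        print("sync" if sync else "no sync", simulate(sync))
```

Each result tuple is (replies reached the owning firewall, largest state table, connections still accepted after fw1 fails, connections fw1 owned).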