09-03-2012 11:21 PM
Hi all ,
we have two links from two different service providers.
ISG 2000 series firewalls are in HA mode. ie two physical firewalls .
we need to accomplish load balancing , we currently has one default route to one provider .
however for we are unable to achieve load balancing . Please if any one has done multi homing , load balancing etc need your advice and any links will be highly appreciated .
Do i need to put two default routes ? if ISG routes packet from ISP A another ISP B for same tcp session , it will result in out of order delivery on destination ?
Solved! Go to Solution.
09-03-2012 11:29 PM
There is no perfect way to load balancing on firewalls, so what I would suggest is two ways to achieve this :
1. Use source based routing where you can route half of your LAN to one ISP and other half to second ISP
2. Configure PBR (Policy based routing) to route one type of traffic ( e.g http, ftp etc) on one ISP and some other traffic type ( https, voip etc) on
the other ISP.
Sarab [ JNCIS-FWV , JNCIA-SEC , CCIP , CCSA ]
[If it helped please mark it as "Accepted Solution".]
09-04-2012 12:17 AM
we have over 150 subnets withing 10.0.0.0/8 space , how can i achieve source based routing here .
we have aroung 2500 users campus wide
. Further i cant go with PBR beacuse 80 % of traffic correspond to http . it will make other ISP underutilised.
09-04-2012 12:39 AM
09-04-2012 02:14 AM
we have a trust zone with 10.1.0.0 /16 , one dmz and untrust zone .
Also do i need to create untrust 1 and untrust 2 for two isp's or i can put them in same untrust zone.
we dont have flat network ...hierarchial network ..access---distribution---core---fw---router---isp
09-04-2012 02:44 AM