RE: [fw-wiz] Info Request: Looking for alternatives in HA/Load balancing firewalls that are also scalable and modular. . .

-----Original Message-----
are also scalable and modular. . .

We're currently spec'ing functional requirements for a new web-based
implementation of a
number of enterprise apps. One obvious problem is the firewall system: it
needs to be both
load-balancing and high-availability, AND scalable. We're still getting a
feel for
potential traffic, but we expect to have a requirement for in-line
expansion of the system
while remaining online.

Sounds like a big firewall. I'm curious, though, as to why load-balancing
is a requirement. My experience has been that an appropriately-sized single
firewall as part of a fail-over pair is more reliable and performs better
than a comparable load-balanced firewall.

One of the obvious candidates is the Nortel Alteon platform, but that
also limits us to FW-1. We're nowhere close to downselect on a
platform or a firewall, but I'm looking for alternative platforms to start
getting info on,
so we can make sure the requirements we develop can actually be
IMPLEMENTED in reality. . .

If it were me, I'd look at SPLAT with ClusterXL over Alteon. You'll lay out
some dough for load-balancing with ClusterXL, but at least the hardware can
be (relatively) cheap.

The only other firewall vendor I can think of that does (or at least claims
to do) load-balancing is Symantec Enterprise Firewall. However, you may
also want to look at third-party load-balancing solutions like Radware
FireProof or Foundry ServerIron.


firewall-wizards mailing list

Relevant Pages