Chapter 1
In transparent FWLB, persistency is ensured by the load balancer. In
non-transparent FWLB, the firewalls ensure persistency through NAT,
and there is no need for the load balancer to intervene.
The following figure illustrates non-transparent FWLB.

Bridging Firewalls

Bridging firewalls are firewalls that do not perform forwarding at the IP
address layer, but rather appear as transparent bridges. Bridging firewalls
are transparent to devices inside and outside of the secured network.
The bridging firewalls do not have IP or MAC addresses to which traffic
is directed. Therefore, the firewalls must physically appear on the traffic
path.
For bridging FWLB, the load balancers must be positioned on both sides
of the firewalls. Each device load balances between IP address interfaces
of the peer device behind the firewall. For this to work, each firewall
must reside in a different VLAN and subnet, and the physical ports
connected to the firewalls must be on different VLANs as well. In
addition, for each VLAN, both load balancers must be in the same
subnet.
Each load balancer interface and the firewall connected to it reside in a
separate VLAN. This ensures persistency since all the traffic through a
particular firewall is contained in the firewall's VLAN.
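
The layout rules above can be checked mechanically before a bridging FWLB design is deployed. The following Python sketch is an added example, not part of the Avaya guide or the P330 software; the dictionary fields (`firewall`, `vlan`, `lb_outside`, `lb_inside`) and the sample addresses are constructed for illustration, and each path's `vlan` is assumed to be the VLAN of the load balancer ports cabled to that firewall.

```python
import ipaddress
from itertools import combinations

def check_bridging_fwlb(paths):
    """Return a list of violations of the bridging FWLB layout rules."""
    problems = []
    nets = {}
    for p in paths:
        outside = ipaddress.ip_interface(p["lb_outside"])
        inside = ipaddress.ip_interface(p["lb_inside"])
        # Rule: for each VLAN, both load balancers must be in the same subnet.
        if outside.network != inside.network:
            problems.append(
                f"{p['firewall']}: load balancer interfaces are in different "
                f"subnets ({outside.network} vs {inside.network})")
        nets[p["firewall"]] = (outside.network, inside.network)
    for p, q in combinations(paths, 2):
        pair = f"{p['firewall']} and {q['firewall']}"
        # Rule: each firewall (and the ports cabled to it) has its own VLAN,
        # so traffic through one firewall stays contained in that VLAN.
        if p["vlan"] == q["vlan"]:
            problems.append(f"{pair} share VLAN {p['vlan']}")
        # Rule: each firewall must also reside in a different subnet.
        if any(a.overlaps(b) for a in nets[p["firewall"]]
               for b in nets[q["firewall"]]):
            problems.append(f"{pair} use overlapping subnets")
    return problems

# Constructed sample: two firewalls, each in its own VLAN and subnet.
GOOD = [
    {"firewall": "fw1", "vlan": 10,
     "lb_outside": "10.0.10.1/24", "lb_inside": "10.0.10.2/24"},
    {"firewall": "fw2", "vlan": 20,
     "lb_outside": "10.0.20.1/24", "lb_inside": "10.0.20.2/24"},
]
# Constructed sample: fw2 reuses fw1's VLAN and subnet on one side, and its
# two load balancer interfaces sit in different subnets.
BAD = [
    GOOD[0],
    {"firewall": "fw2", "vlan": 10,
     "lb_outside": "10.0.10.3/24", "lb_inside": "10.0.20.2/24"},
]

if __name__ == "__main__":
    for name, topo in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_bridging_fwlb(topo) or "ok")
```
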
Figure 1-4. Non-Transparent Firewall Load Balancing
Avaya P330 Load Balancing Manager User Guide