Understanding How Firewalls Work - Cisco catalyst 6500 series Configuration Note

Configuring Firewall Load Balancing
This chapter describes how to configure firewall load balancing and contains these sections:
•
•
•
•
•
Firewall load balancing allows you to scale firewall protection by distributing traffic across multiple
firewalls on a per-connection basis. All packets belonging to a particular connection must go through the
same firewall. The firewall then allows or denies transmission of individual packets across its interfaces.

Understanding How Firewalls Work

A firewall forms a physical barrier between two parts of a network for example, the Internet and an
intranet. When a firewall accepts a packet from one side (the Internet), it sends the packet through to the
other side (the intranet). A firewall can modify a packet before passing it through or send it through
unaltered. When a firewall rejects a packet, it usually drops the packet and logs the dropped packet as
an event.
After a session is established and a flow of packets begins, a firewall can monitor each packet in the flow
or allow the flow to continue, unmonitored, depending on the policies that are configured on that
firewall.
This section contains the following:
•
•
•
•
•
•
•
•
OL-4612-01
Understanding How Firewalls Work, page 11-1
Configuring Stealth Firewall Load Balancing, page 11-7
Configuring Regular Firewall Load Balancing, page 11-16
Configuring Reverse-Sticky for Firewalls, page 11-24
Configuring Stateful Firewall Connection Remapping, page 11-26
Firewalls Types, page 11-2
How the CSM Distributes Traffic to Firewalls, page 11-2
Supported Firewalls, page 11-2
Layer 3 Load Balancing to Firewalls, page 11-2
Types of Firewall Configurations, page 11-3
IP Reverse-Sticky for Firewalls, page 11-3
CSM Firewall Configurations, page 11-3
Fault-Tolerant CSM Firewall Configurations, page 11-6
C H A P T E R
Catalyst 6500 Series Content Switching Module Configuration Note
11
11-1