Firewall load balancing

Question

Hello,&nbsp;
Looking for some guidance on how to configure firewall load balancing. I had thought this was a popular thing, but the lack of documentation has me thinking that maybe no one does this anymore. I guess firewalls are generally fast enough nowadays that you don't need to do this, but in my case there are two problems:&nbsp;
1) The firewalls do a lot of application-level stuff which slows them down
2) IPS's are also inline, which aren't nearly as fast&nbsp;
So I need to do firewall load balancing with a couple VIPRION chassis. But I can't for the life of me figure out exactly how to configure the virtual servers so that they're fully transparent. What type of virtual server should be used? A forwarding server doesn't allow me to configure the firewall pool. A standard server isn't transparent -- the F5 appears to terminate the TCP sessions on each interface, which is no good (I just want them passed through). &nbsp;
Any tips would be greatly appreciated!&nbsp;

iheartf5_45022 · Accepted Answer

Hi,&nbsp;
I think &nbsp;
Performance Layer 4All ProtocolsDisable address translation
with the appropriate pool of firewalls should work fine.&nbsp;

rob_carr · Answer

I think firewall load balancing is less necessary these days as more firewalls cluster.&nbsp;
You need a standard virtual server in order to have load-balancing, but to make it transparent you need to disable address and port translation.  You won't see won't see these two options unless you change your configuration view from basic to advanced.&nbsp;

iheartf5_45022 · Answer

and disable port translation!

terry_b_141446 · Answer

This appears to do the trick. Thanks!

Forum Discussion

Firewall load balancing

4 Replies

Recent Discussions

About shun list for L7 DDoS?

CONNECTION IS LOST DUE TO SELF IP IS DELIVERED

ASM instance creation

Can iRule mask the payload content on event logs of security

Disacard SSL::cert mode to ignore when default SSLClient profile is set to request or require

Related Content

Re: NGINX for Azure: Load Balancing

Deploying F5 BIG-IP with Azure Cross-region load balancer

NGINX Load balancing feature

F5 AFM/Edge Firewall and the difference between Edge Firewalls and Next-generation Firewalls (NGFW)

Using F5 Distributed Cloud DNS Load Balancer health checks and DNS observability