Firewall cluster problem


Tech Freak    0

Dear all,

We have recently purchased two McAfee Firewall Enterprise UTMs with the intention to cluster these for high availability and load balancing. They are to be connected on two ProCurve 5406zl switches.

I am not a switching/routing expert, and could use your help here.

One of the clustering modes for the MFEs is LOAD-SHARING, whereby each firewall actively processes traffic in a load-balanced manner (odd-port sources go to one, even-port nos go to the other). Each firewall has its own distinct IP, as well as a shared IP and MAC address for this purpose. The "default" strategy for this mode is to use L2 multicasting, whereby a switch needs to forward packets to BOTH firewalls (single MAC address), and the MFEs will get to choose who processes what.

Unfortunately, my knowledge of multicasting is limited, as it is for IGMP etc., and I would like someone who is more familiar with these concepts (and ProCurve switches) to shed some light.

Right now I have temporarily reverted to PEER-PEER clustering, whereby only ONE MFE can possess the virtual IP, but this is not the ideal setup.

Please let me have your expertise here.




0 answers to this question
