How to Configure ISP Redundancy and Load Balancing
Created On 09/25/18 17:19 PM - Last Modified 08/05/20 22:03 PM
- ISP Load Balancing is used when more than one internet provider is connected to the firewall. Policy-Based Forwarding (PBF) is used to forward traffic based on the source subnet.
- ISP Redundancy is used when one service provider is down and all traffic needs to be routed to the remaining service provider.
- Normally, the firewall uses the destination IP address in a packet to determine the outgoing interface.
- The firewall uses the routing table associated with the virtual router to which the interface is connected to perform the route lookup.
- Policy-Based Forwarding (PBF) allows the user to override the routing table, and specify the outgoing or egress interface based on specific parameters such as source or destination IP address, or type of traffic.
The following topology includes:
Two internal subnets
- Subnet1: 192.168.1.0/24
- Subnet2: 172.16.1.0/24
Two ISP gateways
- ISP1: 10.30.6.254
- ISP2: 10.30.1.254
Two important items to remember:
- PBF rules are applied either on the first packet (SYN) or the first response to the first packet (SYN/ACK). Application-specific rules are not recommended for use with PBF.
- Address translation (NAT) rules are not applied unless a security rule matched the connection, which is why security rules need to be in place for the address translation to work.