Cisco Systems OL-5650-02 Switch User Manual


 
Chapter 5 Configuring Firewall Load Balancing
Cisco Content Services Switch Security Configuration Guide
OL-5650-02
Configuring FWLB with VIP and Virtual Interface Redundancy
Configure FWLB with VIP and virtual interface redundancy to provide the
following benefits:
• Very fast failover (typically 1 to 3 seconds)
• No single point of failure
• All CSSs forward traffic (active-backup configuration)
Note: For details on configuring VIP and virtual interface redundancy, refer to the
Cisco Content Services Switch Redundancy Configuration Guide.
This configuration consists of two redundant CSSs and two Layer 2 devices on
either side of the firewall. If a CSS fails, the redundant CSS on the same side of
the firewall assumes the additional load.
Note: When you configure FWLB with VIP and virtual interface redundancy, do not
configure shared VIPs. Shared VIPs are not supported by the FWLB topology. For
more information about shared VIPs, refer to the Cisco Content Services Switch
Redundancy Configuration Guide.
You must configure the VIPs on the CSS that has the services directly connected
to it or connected through a Layer 2 device. Do not configure content rules with
VIPs on a CSS when the services are located on the other side of the firewall and
connected to another CSS participating in FWLB. This type of configuration will
result in asymmetric paths and could cause firewalls performing stateful
inspection to tear down connections.