Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 5 subscribers
  • Views 11251 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HA Cluster how does it share the load?

StealthyM

Hello,

 

We are looking at getting 2 x SG 330 in a HA Cluster.

 

I would like to know, how does it determine to share the load? We will be using WAF, IPS and NAT Rules.

Is WAF protection compatible in a cluster and will it share the incoming load and inspection.

 

I have read guides on the internet, and it appears the MASTER is the in and outpoint for traffic, so how does it share its load?

 

Thank you



This thread was automatically locked due to age.
Parents
  • 0

    Rather than an Active/Active cluster of two 330s, you might want to consider two 430s in Hot-Standby.  With Active/Active, you must, in effect, purchase subscriptions for both units.  With Hot-Standby, only a single subscription is needed.  That means the alternative I suggested costs about the same as what you're considering, but has the added benefit of full power should one of the two units fail.

    In any case, you should find a strong reseller in your area and have this discussion with them.  They also should be able to give a complete answer to your question here.

    Cheers - Bob

Reply
  • 0

    Rather than an Active/Active cluster of two 330s, you might want to consider two 430s in Hot-Standby.  With Active/Active, you must, in effect, purchase subscriptions for both units.  With Hot-Standby, only a single subscription is needed.  That means the alternative I suggested costs about the same as what you're considering, but has the added benefit of full power should one of the two units fail.

    In any case, you should find a strong reseller in your area and have this discussion with them.  They also should be able to give a complete answer to your question here.

    Cheers - Bob

Children
  • 0 in reply to BAlfson

    The issue is, we are coming from ASA. Now that was in a Active/Standy and the cut over time was near instant tanious. It kept all the session states and flipped over as if nothing ever happened.

     

    However, we run a pair in our office SG210 in a Active/Standby and we don't get the same results. However, the office is different as it has 2 different incoming ISP. Rather than the same one in our office.

     

    But yes, we need to determine if an Active/Cluster or Active/standby is the right choice.

  • 0 in reply to StealthyM

    We run ours in active/standby and it is instantaneous. You will drop 1 ping.

    If your internet connections are PPPoE, it will drop for a while until it authenticates again.

  • 0 in reply to Louis-M

    I disagree, I was downloading an ISO from Microsoft and I turned off the Primary UTM. The connection was reset and the download stopped.

     

    With it in a cluster, the connection was maintained and continued.

     

    With an ASA active/standby the connection is maintained and continues like nothing has happened.

     

    Can you test on yours?

  • 0 in reply to StealthyM

    I'll try and give it a shot during the week. I've not downloaded and tested it at the same time but I have on numerous occasions ran an active ping to 8.8.8.8 and watched them switch over and it's only ever dropped 1 ping every time.

  • 0 in reply to StealthyM

    VoIP calls and down/uploads will indeed be interrupted.

    Cheers - Bob