07-17-2022 12:01 PM
Hi,
We have two PA 5220 and we are wondering if there is a method to utilize them as load-balancers in addition to their main use as firewalls? Is it doable? If yes, do you recommend such use case for production environment?
The goal is to load balance between two services using TCP or Diameter protocol.
Appreciate your answer and advice
Thanks
Ibrahim
07-18-2022 01:12 PM
Hello,
Not really load balancing, but you can research equal cost multi path (ECMP). But not the solution you might be looking for since it doesnt really monitor the down stream server/service. I would suggest getting a load balancer.
Regards,
07-18-2022 02:36 PM
As @OtakarKlier mentioned there's some hacky ways to get this to somewhat function; paired with an external script with API access to make changes to the firewall and you can get a "functional" load balancer solution when it's absolutely necessary with, essentially, just the firewall.
I really wouldn't call any of those workarounds a solution though. As soon as you start talking about deploying a protected node to run an external script and interfacing with the firewall via the API, you could use the same node to act as a basic load balancer with something like NGINX for free. In any sort of production environment, I'd recommend just deploying an actual load-balancer.
07-18-2022 01:12 PM
Hello,
Not really load balancing, but you can research equal cost multi path (ECMP). But not the solution you might be looking for since it doesnt really monitor the down stream server/service. I would suggest getting a load balancer.
Regards,
07-18-2022 02:36 PM
As @OtakarKlier mentioned there's some hacky ways to get this to somewhat function; paired with an external script with API access to make changes to the firewall and you can get a "functional" load balancer solution when it's absolutely necessary with, essentially, just the firewall.
I really wouldn't call any of those workarounds a solution though. As soon as you start talking about deploying a protected node to run an external script and interfacing with the firewall via the API, you could use the same node to act as a basic load balancer with something like NGINX for free. In any sort of production environment, I'd recommend just deploying an actual load-balancer.
07-20-2022 12:50 AM
Thank you dears @BPry @OtakarKlier for your responses
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
