Is there a way to configure PA 5220 as L3/4 or L7 load-balancer?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Is there a way to configure PA 5220 as L3/4 or L7 load-balancer?

L0 Member

Hi,

 

We have two PA 5220 and we are wondering if there is a method to utilize them as load-balancers in addition to their main use as firewalls? Is it doable? If yes, do you recommend such use case for production environment? 

 

The goal is to load balance between two services using TCP or Diameter protocol. 

 

Appreciate your answer and advice

 

Thanks

Ibrahim 

 

 

2 ACCEPTED SOLUTIONS

Accepted Solutions

Cyber Elite
Cyber Elite

Hello,

Not really load balancing, but you can research equal cost multi path (ECMP). But not the solution you might be looking for since it doesnt really monitor the down stream server/service. I would suggest getting a load balancer.

Regards,

View solution in original post

Cyber Elite
Cyber Elite

@ibrahim.nezar,

As @OtakarKlier mentioned there's some hacky ways to get this to somewhat function; paired with an external script with API access to make changes to the firewall and you can get a "functional" load balancer solution when it's absolutely necessary with, essentially, just the firewall.

I really wouldn't call any of those workarounds a solution though. As soon as you start talking about deploying a protected node to run an external script and interfacing with the firewall via the API, you could use the same node to act as a basic load balancer with something like NGINX for free. In any sort of production environment, I'd recommend just deploying an actual load-balancer. 

View solution in original post

3 REPLIES 3

Cyber Elite
Cyber Elite

Hello,

Not really load balancing, but you can research equal cost multi path (ECMP). But not the solution you might be looking for since it doesnt really monitor the down stream server/service. I would suggest getting a load balancer.

Regards,

Cyber Elite
Cyber Elite

@ibrahim.nezar,

As @OtakarKlier mentioned there's some hacky ways to get this to somewhat function; paired with an external script with API access to make changes to the firewall and you can get a "functional" load balancer solution when it's absolutely necessary with, essentially, just the firewall.

I really wouldn't call any of those workarounds a solution though. As soon as you start talking about deploying a protected node to run an external script and interfacing with the firewall via the API, you could use the same node to act as a basic load balancer with something like NGINX for free. In any sort of production environment, I'd recommend just deploying an actual load-balancer. 

L0 Member

Thank you dears  @BPry @OtakarKlier for your responses

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!