Load balancing among a cluster of firewall security devices

Abstract

A method for balancing load among firewall security devices in a network is disclosed. Firewall security devices are arranged in multiple clusters. A switching device is configured with the firewall security devices by communicating control messages and heartbeat signals. Information regarding the configured firewall security devices is then included in a load balancing table. A load balancing function is configured for enabling the distribution of data traffic received by the switching device. A received data packet by the switching device is forwarded to one of the firewall security devices in a cluster based on the load balancing function, the load balancing table and the address contained in the data packet.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS[0001]This application is a continuation-in-part of U.S. patent application Ser. No. 13 / 356,399, filed on Jan. 23, 2012, which claims the benefit of U.S. Provisional Application No. 61 / 443,410, filed on Feb. 16, 2011 and U.S. Provisional Application No. 61 / 542,120, filed on Sep. 30, 2011, all of which are hereby incorporated by reference in their entirety for all purposes.COPYRIGHT NOTICE[0002]Contained herein is material that is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction of the patent disclosure by any person as it appears in the Patent and Trademark Office patent files or records, but otherwise reserves all rights to the copyright whatsoever. Copyright ©2011-2013, Fortinet, Inc.BACKGROUND[0003]1. Field[0004]Embodiments of the present invention generally relate to the field of load balancing in a computer network. In particular, various embodiments relate to a method and system for balan...

AI Technical Summary

Benefits of technology

The present invention provides a method and system for high availability (HA) clusters of firewall security devices that offer enhanced reliability and increased performance. The system includes a load balancing function that enables the switching device to manage more than eight firewall security devices in a cluster. The loading is achieved by configuring a plurality of firewall security devices in an HA cluster, which process network traffic and provide normal security services such as firewalling, virtual private network (VPN), virus scanning, web filtering, and spam filtering services. If a firewall security device in a cluster fails, another firewall security device in the cluster automatically takes over the work that the failed firewall security was performing, thus ensuring continued processing of network traffic and providing normal security services with virtually no interruption. The system offers the advantage of geographically distributed load-balancing, which can overcome a number of firewall deployment limitations, including handling asynchronous traffic.

Problems solved by technology

There is a threat to such confidential data by malware, viruses, spyware, key loggers, and unauthorized access to information and so forth.

This poses great danger to unwary computer users.

However, the firewall can be a single point of failure.

If it fails, there will be no restrictions on the viruses, spyware, key loggers, and unauthorized access and the services may get hampered badly.

However, there is a limitation with respect to the number of firewall systems that a single network switch can handle in a cluster.

Further, due to highly varying and growing traffic requirements of today's networks, which are increasingly shifting towards core, cloud, and datacenter based solutions, the processing capability of the presently used firewall systems and the load balancing arrangement is not sufficient.

Additionally, in the presently available HA cluster based load balancing systems, it is very difficult to manage asymmetric traffic flows and achieve extreme levels of session based performance.

Furthermore, due to limited processing capabilities of the present load balancing systems it is very difficult to balance load among geographically distributed firewall systems.

Images