[Sidewinder] External load balancer or HA Mode?

[Sidewinder moderated discussion list]

Mike wrote:
>  I'd like to request comments on the pros and cons of using
>  an external load balancer or just using the HA mode built into the
>  Sidewinder.  We currently have a setup using Radware's FireProofs to
>  load share a pair of Sidewinder appliances.  Assume the applications and
>  traffic going through the devices would be for general use from inbound
>  serving webpages/files to outbound browsing, ftp and other general
>  protocols proxies.

I've had good results with Fireproof, given appropriate tuning.
The trick is to ensure Radware's load-balancing and client table
settings keep a given client IP associated to a given firewall as long
as possible.

We load-balance outbound traffic across more than two Sidewinder G2s,
and often use the Radware to cleanly migrate production traffic away
from one firewall so we can take it out for maintenance with minimal
interruption to proxied sessions (Proxy sessions do not survive G2
failover in a cluster).

We have not tested the V7 load-sharing.  Has anybody deployed
load-sharing in production?

--
Kevin Kadow  /  kkadow at gmail.com  /  http://tinyurl.com/3znu8