Highlights

  • Fully transparent
  • Eliminates the risk of a single point of failure
  • Maintenance operations without disturbing the traffic
  • Easy way to scale up VPN and IPS throughput
  • No third party solutions needed

Clustering

Security Engine Clustering and Load Balancing

StoneGate Firewalls and IPS sensors have built-in clustering and load balancing that removes the need for third-party clustering solutions.

Clustering ensures high availability of the security engines, thus allowing uninterrupted operations during system maintenance and updates.

  • Scale up the VPN performance of a firewall solution and the throughput of an IPS solution
  • Eliminate the risk of downtime
  • Cluster up to 16 nodes to function as a single security engine

StoneGate's built-in load balancing capabilities allow security engines to dynamically balance connections between cluster nodes, transparently transferring connections to available nodes if a node becomes overloaded or fails. The load-balancing design also allows engine nodes with different hardware to be used in the same cluster.

The clustering and load-balancing technologies in StoneGate security engines have evolved from Stonesoft's StoneBeat products.

Benefits

  • Always available business critical services
  • Easy way to scale up
  • Customer satisfaction
  • Money saved

Different Ways to Implement Firewall/VPN Clustering

StoneGate's Drop-In Firewall Clustering Eases Setup of Clustered Environments

Drop-In Firewall Clustering (DFC) is a new mode of operation introduced with StoneGate 2.2.

DFC technology eliminates complex configuration requirements for clustered firewalls, enabling security administrators to effectively "drop" a firewall cluster into their existing network infrastructure.

While StoneGate's built-in load-balancing capability has always eliminated the need for external load-balancing devices, this new version improves operational efficiencies by easing coordination between security and network administrators.

In DFC mode, one cluster node receives all the traffic sent to a given IP address. Since this is the standard mode of operation for a switch, special configuration of the network is not needed. The receiving StoneGate engine forwards the traffic to the other nodes for processing.

Move to a high-availability clustered firewall scheme without any additional reconfiguring of existing switches or routers. Drop-In Firewall Clustering neatly sidesteps the typical configuration difficulties encountered when setting up a firewall cluster.

Clustering StoneGate Firewall Using Unicast or Multicast MAC Addresses

If it is not possible to use Drop-In Firewall Clustering, StoneGate Firewall engines can also be clustered using unicast MAC addresses, a multicast MAC address associated with a unicast IP address, or a multicast MAC address in combination with IGMP.