Load Balancing Dell NGFW
Open Sandwich Architecture Provides Scalable Performance and High Availability for Dell SonicWALL Next-Generation Firewalls
Figure 1: Dell SuperMassive 9000 Series and Dell Networking switches with Array’s APV Series application delivery controllers in an open firewall sandwich architecture. Example is for outbound traffic only.
Dell SonicWALL SuperMassive 9000 Series Next-Generation Firewalls (NGFWs) provide deep security against sophisticated network threats, at multi-gigabit speeds. The SuperMassive series features a multi-core high-performance firewall architecture with deep packet inspection as well as intrusion prevention in a single appliance.
However, as network speeds and network security requirements continue to evolve, meeting NGFW requirements by simply scaling up hardware capabilities becomes much more difficult. Specifically, a single SuperMassive appliance might not have the scalability or performance to address the needs of large deployments, particularly those with heavy outbound traffic such as large school districts, universities or service providers.
In those circumstances, a Layer 3 open sandwich strategy for SonicWALL NGFWs can address performance and scalability needs. By pairing Dell SonicWALL NGFWs with Array’s APV Series Application Delivery Controllers (ADCs), the APV Series’ high-performance load balancing capability can increase the NGFWs’ performance and capacity to meet requirements.
Integrated Solution Overview
Array APV Series application delivery controllers are high-performance platforms that provide Layer-3 load balancing to ensure the SonicWALL SuperMassive firewalls perform at the highest possible level. This solution can ensure persistent throughput for outbound traffic (LAN to WAN for example), as well as inbound traffic such as SIP calls that originate from the WAN side.
In the open sandwich deployment solution, also called an open firewall sandwich or a Layer 3 open sandwich, the APV Series ADC distributes traffic across multiple Dell SonicWALL NGFW nodes, interfacing to them through a Dell Networking switch. The configuration provides full redundancy to the SuperMassive NGFWs; failure of a node is detected by the APV Series, which then stops forwarding traffic to the failed node until the problem is resolved.
Other Deployment Options
In addition, high availability may be enabled by deploying two load balancers and two switches in support of an array of Dell NGFWs. By building redundancy and failover capability into each element of the open sandwich architecture, traffic flows will never be disrupted due to equipment failure or nonresponsive NGFW nodes.
Multiple LANs can also be supported by adding multiple Virtual Services and forwarding networks to the APV Series, and multiple VLANs and forwarding networks to the SonicWALL NGFW.
About the Open Sandwich Concept
Dell has developed and deployed several ‘firewall sandwich’ architectures to meet the diverse needs of customers. The open sandwich concept is designed to utilize almost any third-party switch or load balancer; however Array’s APV Series and Dell Networking are the first commercial-grade application delivery controller/ load balancer and switch to be tested and deployed in this configuration.
The Array/Dell combined solution offers unique synergies for education institutions, service providers and others with high-volumes of outbound traffic. Both Array and Dell are industry leaders in price/ performance, overall value, and innovative features in their respective product categories. In addition, the Array/Dell open firewall sandwich has been tested and proven, giving users the assurance of a mature, deployment-ready solution.
APV Series Benefits
- Scale Dell SuperMassive firewalls while maintaining 99.999% high availability
- Up to 70 Gbps throughput
- Lowest-cost L7 requests per second, lowest-cost L4 connections per second, lowest-cost SSL transactions per second and lowest-cost SSL Mbps
- Proven 6 month average time period to achieve ROI for enterprise, service provider and public sector organizations
Dell SuperMassive Benefits
- Provides deep security against sophisticated network threats at multigigabit speed
- Multi-core, high-performance architecture includes deep packet inspection and intrusion prevention in a single appliance
- Gateway antivirus and anti-spyware, as well as enforced client antivirus and anti-spyware
- Compact, power-efficient design