The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

H04L 29/06 (2006.01); G06F 17/30 (2006.01); H04L 29/08 (2006.01); H04L 29/12 (2006.01); H04L 12/801 (2013.01); H04L 12/741 (2013.01); H04L 12/803 (2013.01); H04L 12/931 (2013.01); H04L 12/911 (2013.01);

U.S. Cl.

CPC ...

H04L 63/0236 (2013.01); G06F 17/30589 (2013.01); G06F 17/30952 (2013.01); H04L 45/74 (2013.01); H04L 47/125 (2013.01); H04L 47/196 (2013.01); H04L 47/726 (2013.01); H04L 49/354 (2013.01); H04L 61/2007 (2013.01); H04L 63/02 (2013.01); H04L 63/029 (2013.01); H04L 63/0218 (2013.01); H04L 63/1408 (2013.01); H04L 63/1458 (2013.01); H04L 67/1002 (2013.01); H04L 67/1004 (2013.01); H04L 67/1027 (2013.01); H04L 67/142 (2013.01); H04L 63/0227 (2013.01); H04L 63/0272 (2013.01);

Abstract

A method for balancing load among firewall security devices (FSDs) is provided. According to one embodiment, imminent shutdown of a first cluster unit of an HA cluster of FSDs is gracefully handled by a switching device. A load balancing (LB) table, forming associations between hash values output by the LB function and corresponding ports of the switching device to which the cluster units are coupled, is maintained. The first cluster unit is coupled to a first port. Responsive to imminent shutdown of the first cluster unit: (i) a second cluster unit, coupled to a second port, is selected to perform security services on traffic sessions handled by the first cluster unit; and (ii) the LB table is updated by replacing reference(s) to the first port with reference(s) to the second port. Security services for subsequently received network traffic associated with the traffic sessions is performed by the second cluster unit.

Find Patent Forward Citations