With the network development, the major carriers and IDC company requires network security protection, , as well as the stability of security protection, on this basis Kingdon firewall launched the deployment of protective bypass mode on scalable clusters. one Units Kingdon Analyzer (Detector) over the original cluster model can achieve bypass protection, so as to avoid network outage because of the safety equipment itself affect the stability of the entire network. Cluster-based firewall to rely on more than one firewall protection achieve bandwidth and defensive capabilities overlapping. The current firewall Units can support the formation of clusters by many firewalls to protect against large attacks. The concept is: first of all, at the corresponding switch port set aggregation Port - Port Trunking (Link Aggregation called some switches - Link Aggregation), or directly set the router to complete the line aggregation, access the each firewall separately, each firewall access one line of traffic (import and export).

Cluster-based firewall installation follows these steps:

a) re-set firewall address, plan the serial number of the firewall cluster, followed by turning on the firewall, connecting management port, configure the firewall's IP address, change the firewall for all network card's address to correspond with its serial number, so that clusters can avoid IP address conflict in the firewall ;

b) connect the data port, each WAN connection line (data incoming line) access to the firewall connects to the "imcoming" socket, the corresponding local network (data outgoing) line connect to the "outgoing" socket;

c) Connect heartbeat line, connect each firewall heartbeat port to switch (gigabit-based clusters needs to connect to Gigabit switch). If it was two firewall clusters, the heartbeat line that can be directly used cross connecting;

d) connection management port, for each firewall connect the "management port" tothe switches;

e) at the external switch set to the date incoming port as port aggregation. At the internal switches set the data outgoing port as port aggregation;

f) log onto the management workstation, to change the IP address the same as address with the firewall managed network segment, and then log onto the management interface, enter the Cluster Settings page, enter the firwall ID corresponding to the heartbeat IP addresses, then save;

g) Note that the firewall aggregation (cluster) start automatically after the firewall start

h) Check the traffic flow to confirm the normal passage of data, complete the installation.

Network structure in Figure: