
Elfiq Link Balancers & Firewalls/Security

When designing the Link Balancer products back in 2003/4, Elfiq decided not to include a firewall, as this function is already handled by a unit in place at 99%+ of customers and prospects. Adding this feature, and its overhead on the system, was not worth the investment. Instead we invested our efforts into making the best possible link balancer on the market, and that led us to innovations like Layer-2 implementation, the Primary Link concept, SitePathMTPX and Geolink.

There are key disadvantages in combining security and link balancing:

  • Performance: the more features you add, the more memory and CPU are used, limiting the product’s advertised performance, so customers no longer get what they paid for. This becomes worse when you add more security features, as some products do: antivirus, antispam, intrusion prevention, Layer-7 traffic shaping and web content filtering. Putting all these eggs into a single basket also makes the device much more expensive for equal performance, and at that point working with market leaders makes more sense technologically and financially.
  • Security: in most cases, open-source tools like IPTables and others are implemented, and when a security flaw is discovered, the vendor has to publish (and test) a firmware update, incurring delays that can easily be weeks or months. Open-source security products offer significant value, but like any product they must be managed and updated in a timely fashion, otherwise the security benefit is rapidly diminished.
  • Certification: in the security field, product certifications give customers assurance that the product(s) used meet certain criteria and standards. No link balancer with a built-in firewall on the market has met the criteria for ICSA Labs, West Coast Labs Checkmark and Common Criteria EAL.

Keeping this in mind, Elfiq actually brings value to the security infrastructure: its Layer-2 implementation does not have IP addresses on the WAN ports, so they cannot be scanned. This page will detail how we augment the value in an organization.
 
