That's cool and all, but using your firewalls for loadbalancing is kinda.. uh... not so good.
As demonstrated, even derptastic HAProxy is better than the loadbalancing stuff built into your FW...
For about $50-100/each you can buy 10 year old loadbalancers via eBay that do a WAY better job of this. They're more accurate AND use less cpu/watts than HAProxy will as well.
Yeah, it was kind of a "hey it does it for free" sort of thing.
I mean, if it's never really a problem, why spend more time setting extra things up? That being said, I'd have no problem setting up and managing HAProxy if we wanted to do that.
The fw boxes are from these guys: http://www.watchguard.com/ They were X550e's; this weekend we're installing XTM 515's.
Ahh ok, that explains why I've never seen that before.
I'm all for free, except when you're technically paying for it with licensing/etc.
I was totally serious about the $50-100 boxes being better than HAProxy, they're monumentally better at the basics. Where they don't do so hot is with SSL acceleration, but considering how fast AES-NI is, I don't bother doing that with loadbalancers anymore. Also fully HA and you don't have to deal with source/dest NAT issues if you're using DSR.
Just something to consider...