Open New Entry When Source Port Different – When enabled, all sessions opened by the same client application are counted to enable more accurate minimum-user load balancing. When disabled, all the sessions from one client application to the same destination are considered a single session, to enable better performance.

Select New Firewall When Source Port Different – When enabled, different sessions opened by a client's application will be served by different firewalls, according to the load balancing algorithms. This option overrides the New Entry On Source Port option.

Admin. Status – The status of FireProof; can be either of the following options:

• Enable – FireProof is active. All users are balanced between the Firewalls.

• Disable - FireProof load balancing is disabled. Clients connecting to the device will be forwarded according to the routing table.

Dispatch Method – The method used to determine to which firewall the traffic will be directed:

• Cyclic – Directs traffic to each firewall one by one.

• Least Traffic – Directs traffic to the firewall with the least traffic.

• Least Users Number – Directs traffic to the firewall with the least amount of users.

• nt-1 – Queries the firewalls for Windows NT SNMP statistics. According to the reported statistics, FireProof redirects the clients to the least busy firewall. To use this method the firewalls must be firewalls for Windows NT. The parameters are considered according to the weights configured in the first Windows NT weights scheme (see the Windows NT Weights Table).

• nt-2 – Similar to nt-1, but uses the second weights scheme.

• private-1 – Queries the Firewalls for private SNMP parameters, as defined in the first private weights scheme (see the Private Weights Table). The ratios of users on the firewalls will be balanced according to the reported statistics.

• private-2 – Similar to private-1, but uses the second weights scheme.

• Least Bytes Number – Directs traffic to the firewall through which the least number of bytes has passed.

Check Connectivity Method – Indicates the method of checking for firewall availability. The value can be either Ping or any TCP port number entered manually. If Ping is selected, FireProof pings the firewalls to verify valid communication. Any other value causes FireProof to attempt to connect to the specified application port. If a ping operation fails, the firewall is down.

Check Connectivity Status – Enables/disables the polling of firewalls.

Polling Interval – How often FireProof polls the firewalls in seconds.

Number of Retries – After how many unanswered polling attempts is a firewall considered inactive.

Client Aging Time – The amount of time a non-active client is kept in the clients table (in seconds). As long as a client is kept in the clients table, the client will be attached to the same firewall.

Client Connect Denials – Indicates the number of connection requests from clients that were denied by the dispatcher.

Session Tracking – When disabled, FireProof will only manage outbound traffic. When enabled, both inbound and outbound traffic will be handled.
Note: When Session Tracking is disabled, Open New Entry When Source Port Different and Select New Firewall When Source Port Different are unavailable.

Client Table Mode – Indicates what layer of address information will be used to categorize packets in the client table.

• Layer 4 - TCP/UDP port information
• Layer 3 - source and destination IP addresses

Translate Outbound Address to Virtual Address – When using virtual IP addresses, determines how addresses from the firewall will behave.

• Enable - changes NAT addresses to virtual IP addresses.
• Disable - does not change NAT addresses.