Netsweeper is a Linux based web filtering software developed by the Netsweeper corporation. It provides functions for filtering malicious and inappropriate web content, which can help with meeting compliance and regulatory requirements. The software can be installed on hardware or used in a virtual environment, both of which can be load balanced using Loadbalancer.org appliances. Implementing Loadbalancer.org appliances enables multiple Netsweeper software to be deployed in a cluster.
Loadbalancer.org’s web filter expertise helps us to guard against filter failure – ensuring uninterrupted service and excellent user experience.
Key benefits of load balancing
Implementing Loadbalancer.org appliances enables multiple Netsweeper to be deployed in a cluster. This provides the following key benefits:
- High-availability – If a Web Gateway fails, service is not interrupted
- Maintenance – Web Gateways can easily be taken out of the cluster for maintenance
- Performance – For additional performance simply add more Web Gateways to the cluster
How to load balance Netsweeper
For load balancing Netsweeper we recommend Layer 4 Direct Routing (DR) mode, aka Direct Server Return (DSR). This is a very high-performance solution that is well suited to web filters and proxies. However, Layer 4 NAT, Layer 4 SNAT & Layer 7 SNAT can also be used. Deciding which method is best for your deployment depends on a variety of factors. Layer 4 DR mode is the fastest method but requires the ARP problem to be solved and also requires the application running on the real servers to respond to both its own IP address and the VIP. Layer 4 NAT mode requires that the default gateway on the real servers is the load balancer. Layer 4 SNAT mode requires no real server changes, but unlike the other Layer 4 methods, is non-transparent. Layer 7 SNAT mode is also non-transparent and requires no real server changes, but does not offer the raw throughput of the Layer 4 methods. Three modes of Netsweeper operation are officially supported with Loadbalancer.org appliances:
- Explicit Mode – proxy settings are explicitly set on each client device. Browser settings on client PCs must be changed to point at the Virtual Service (VIP) on the load balancer.
- Transparent Mode – policy-based routing is used on the router/firewall that handles client traffic. These rules at the router/firewall make sure that the required traffic (typically HTTP & HTTPS on port 80 & 443) is sent transparently to the load balancer.
- Non-Transparent Mode – proxy settings are explicitly set on each client device. Browser settings on client PCs must be changed to point at the Virtual Service (VIP) on the load balancer.