The primary unit processes all ICMP traffic. By default, the primary unit also processes all TCP and UDP traffic and load balances virus scanning traffic among all cluster units. You can change the default configuration so that the cluster load balances TCP, UDP traffic, and virus scanning traffic among all cluster units.

Load balancing increases network bandwidth usage and also increases the load on the primary unit CPU. Because of this, in some network environments, load balancing TCP and UDP traffic may not result in an overall cluster performance increase. However, in other network environments, TCP and UDP load balancing may improve cluster performance.

If the cluster is configured to load balance virus scanning sessions, the primary unit uses the load balancing schedule to distribute HTTP, FTP, SMTP, POP3, and IMAP packets to be virus scanned, among the primary unit and the subordinate units. Load balancing virus scanning traffic is much more likely to increase cluster performance. Virus scanning is processor intensive for the cluster unit that is performing the virus scanning. Distributing virus scanning over the cluster units significantly reduces the processing load on the primary unit. As a result overall cluster performance should improve. See “Load balancing UTM sessions, TCP sessions, and UDP sessions”.