Brocade Communications Systems ServerIron ADX 12.4.00 Service Manual Page 107
- Page / 188
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
96 ServerIron ADX Firewall Load Balancing Guide
53-1002436-01
Configuration examples with Layer 3 routing
4
DRAFT: BROCADE CONFIDENTIAL
The following commands configure the zone parameters. To configure a zone, specify a name for
the zone, and then a zone number (from 1 through 10), followed by the number of the ACL that
specifies the IP addresses in the zone. In this example, the ACL numbers and zone numbers are
the same, but this is not required.
Zone1-SI-A(config)# server fw-group 2
Zone1-SI-A(config-fw-2)# fwall-zone Zone2 2 2
Zone1-SI-A(config-fw-2)# exit
The following commands configure the SLB information. Each of the servers in zones 2 and 3 is
added as a real server, and then the servers are bound to a virtual IP. The servers are added using
the server remote-name command instead of the server real-name command because the servers
are not directly connected to the ServerIron ADX. Instead, they are connected to the ServerIron ADX
through other routers (in this case, the firewalls).
Zone1-SI-A(config)# server remote-name web1 10.10.2.40
Zone1-SI-A(config-rs-web1)# port http
Zone1-SI-A(config-rs-web1)# exit
Zone1-SI-A(config)# server remote-name web2 10.10.2.42
Zone1-SI-A(config-rs-web2)# port http
Zone1-SI-A(config-rs-web2)# exit
Zone1-SI-A(config)# server remote-name web3 10.10.3.41
Zone1-SI-A(config-rs-web3)# port http
Zone1-SI-A(config-rs-web3)# exit
Zone1-SI-A(config)# server remote-name web4 10.10.3.43
Zone1-SI-A(config-rs-web4)# port http
Zone1-SI-A(config-rs-web4)# exit
Zone1-SI-A(config)# server virtual www.web.com 10.10.1.10
Zone1-SI-A(config-vs-www.web.com)# port http
Zone1-SI-A(config-vs-www.web.com)# bind http web1 http web2 http web3 http web4
http
Zone1-SI-A(config-vs-www.web.com)# exit
The following command enables SLB-to-FWLB.
Zone1-SI-A(config)# server slb-fw
The following command saves the configuration changes to the startup-config file.
Zone1-SI-A(config)# write memory
Commands on zone 1’s standby ServerIron ADX (Zone1-SI-S)
ServerIronADX> enable
ServerIronADX# configure terminal
ServerIronADX(config)# hostname Zone1-SI-S
Zone1-SI-S(config)# vlan 1
Zone1-SI-S(config-vlan-1)# always-active
Zone1-SI-S(config-vlan-1)# no spanning-tree
Zone1-SI-S(config-vlan-1)# router-interface ve 1
Zone1-SI-S(config-vlan-1)# exit
Zone1-SI-S(config)# interface ve 1
Zone1-SI-S(config-ve-1)# ip address 10.10.1.112 255.255.255.0
Zone1-SI-S(config-ve-1)# exit
Zone1-SI-S(config)# ip route 0.0.0.0 0.0.0.0 10.10.1.2
Zone1-SI-S(config)# no ip icmp redirects
Zone1-SI-S(config)# vlan 10
Zone1-SI-S(config-vlan-10)# untagged ethernet 4/9 to 4/10
Zone1-SI-S(config-vlan-10)# exit
Zone1-SI-S(config)# trunk switch ethernet 4/9 to 4/10
- ServerIron ADX 1
- Document History 2
- Contents 3
- About This Document 8
- Document conventions 9
- Notice to the reader 10
- Related publications 11
- ServerIron FWLB Overview 12
- Firewall environments 14
- Load balancing paths 15
- Firewall selection 17
- Hashing mechanism 17
- Stateful FWLB 18
- Health checks 18
- Path health checks 19
- Application health checks 19
- Firewall health check debug 21
- Basic FWLB topology 22
- HA FWLB topology 23
- Failover 24
- Router paths 24
- Multizone FWLB topology 25
- FWLB configuration limits 26
- Configuring Basic FWLB 28
- IPv4 Firewall-1 37
- IPv4 Firewall-2 37
- External 40
- Internal 40
- Firewall-2 42
- Firewall-1 42
- Configuring HA FWLB 48
- Session limits 49
- Session aging 49
- Task Reference 52
- Configuring the firewall port 53
- Configuring the partner port 54
- Configuring the router port 55
- Configuring the firewalls 55
- Adding the firewalls 55
- Connection rate control 57
- Complete CLI example 62
- HA FWLB with VRRP 73
- Usage notes 78
- Configuring Multizone FWLB 82
- Zone 3Zone 2 84
- Zone1-SI(config)# no span 85
- Failover algorithm 92
- Commands on Zone1-SI-A zone 1 92
- DRAFT: BROCADE CONFIDENTIAL 100
- 53-1002436-01 102
- SI-A SI-A 104
- In this chapter 124
- NAT firewalls 124
- Extra firewall method 129
- Access policy method 130
- Specifying the partner port 134
- Specifying the router ports 134
- Configuring FWLB and SLB 146
- Configuring SLB-to-FWLB 148
- Configuring the real servers 149
- Enabling SLB-to-FWLB 150
- Configuring FWLB-to-SLB 152
- Enabling FWLB-to-SLB 154
- FWLB configuration overview 166
- TCP/UDP port statistics 169
- FWLB path information 172
- Field Description 173
- • 6 – TCP 174
- • 17 – UDP 174
- In this appendix 176
- FWLB selection algorithms 182
- Configuration guidelines 186
- Denying FWLB 187
Related products and manuals for Network switches Brocade Communications Systems ServerIron ADX 12.4.00
(12 pages)
(64 pages)© 2020, manymanuals.com. All rights reserved. | 0.784 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals