ServerIron ADX Firewall Load Balancing Guide 39
53-1002436-01
Configuring HA active-active FWLB
3
DRAFT: BROCADE CONFIDENTIAL
Configuring HA active-active FWLB
This section contains the following sections:
• “Overview of active-active FWLB” on page 39
• “HA FWLB configuration guidelines” on page 40
• “Configuring the management IP address and default gateway” on page 42
• “Configuring the firewall port” on page 42
• “Configuring the partner port” on page 43
• “Configuring the additional data link (the always-active link)” on page 43
• “Configuring the router port” on page 44
• “Configuring the firewalls” on page 44
• “Adding the firewalls” on page 44
• “Changing the maximum number of sessions” on page 46
• “Connection rate control” on page 46
• “Limiting the number of new connections for an application” on page 46
• “Adding the firewalls to the firewall group” on page 47
• “Changing the load balancing method” on page 47
• “Hashing load balance metric in FWLB” on page 48
• “Enabling the active-active mode” on page 48
• “Configuring the paths and static MAC address entries” on page 48
• “Dropping packets when a firewall reaches its limit” on page 50
• “Restricting TCP traffic to a firewall to established sessions” on page 50
• “Complete CLI example” on page 51
Overview of active-active FWLB
Active-active operation provides redundancy in case a ServerIron ADX becomes unavailable, while
enhancing performance by using both ServerIron ADXs to process and forward traffic.
Active-active operation is not the same thing as the always-active feature. The always-active feature
is used to simplify the topology of high-availability FWLB configurations, and can be used in an
active-active configuration.
Figure 10 shows an example of ServerIron ADX chassis configured for high-availability FWLB.
Comments to this Manuals