Brocade Communications Systems ServerIron ADX 12.4.00 Service Manual Page 82
- Page / 188
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
ServerIron ADX Firewall Load Balancing Guide 71
53-1002436-01
DRAFT: BROCADE CONFIDENTIAL
Chapter
4
Configuring Multizone FWLB
In this chapter
•Zone configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
•Configuring basic multizone FWLB. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
•Configuration example for basic multizone FWLB. . . . . . . . . . . . . . . . . . . . . 74
•Configuring highly-availability multizone FWLB . . . . . . . . . . . . . . . . . . . . . . . 79
•Configuration example for a high-availability multizone FWLB. . . . . . . . . . . 81
•Configuration examples with Layer 3 routing . . . . . . . . . . . . . . . . . . . . . . . . 92
Zone configuration
Multizone FWLB allows you to configure ServerIron ADXs to forward packets based on the
destination zone. For example, if your network consists of an Internet side, an internal side, and a
Demilitarized Zone (DMZ) in between, you can configure ServerIron ADXs to forward packets
through the firewalls to the correct zone.
When you configure multizone FWLB, you first identify a zone by configuring standard Access
Control Lists (ACLs). An ACL specifies the IP addresses (or address ranges) within the zone. When
you configure the firewall group parameters, you add the zones and define them by associating the
ACLs with them. Each zone consists of a zone number, an optional name, and a standard ACL that
specifies the IP addresses contained in the zone.
You can configure multizone FWLB for basic configurations and IronClad (high-availability)
configurations. This section provides an example for each type of configuration.
When the ServerIron ADX forwards a packet, it selects a path that goes through a firewall to a
ServerIron ADX that is in the zone that contains the destination IP address of the packet.
The configuration tasks for multizone FWLB are the same as other FWLB implementations, with the
exception of the configuration for the zones.
Consider the following when you configure zones:
• Do not define zone 1. When zone 1 is undefined, the zone by default contains all IP addresses
that are not explicitly configured as members of other zones (zones 2 through 10). In typical
configurations, the ServerIron ADXs in the DMZ and the internal network contain zone
definitions for each other, while none of the ServerIron ADXs contains a zone definition for
zone 1 (thus leaving zone 1 undefined). As a result, traffic that is not destined for an address in
the DMZ or the internal network is sent to the Internet.
You can define zone 1, but if you do, this zone contains only the IP address ranges you
configure for the zone.
• Do not configure zone information on a ServerIron ADX for the zone the ServerIron ADX is in.
- ServerIron ADX 1
- Document History 2
- Contents 3
- About This Document 8
- Document conventions 9
- Notice to the reader 10
- Related publications 11
- ServerIron FWLB Overview 12
- Firewall environments 14
- Load balancing paths 15
- Firewall selection 17
- Hashing mechanism 17
- Stateful FWLB 18
- Health checks 18
- Path health checks 19
- Application health checks 19
- Firewall health check debug 21
- Basic FWLB topology 22
- HA FWLB topology 23
- Failover 24
- Router paths 24
- Multizone FWLB topology 25
- FWLB configuration limits 26
- Configuring Basic FWLB 28
- IPv4 Firewall-1 37
- IPv4 Firewall-2 37
- External 40
- Internal 40
- Firewall-2 42
- Firewall-1 42
- Configuring HA FWLB 48
- Session limits 49
- Session aging 49
- Task Reference 52
- Configuring the firewall port 53
- Configuring the partner port 54
- Configuring the router port 55
- Configuring the firewalls 55
- Adding the firewalls 55
- Connection rate control 57
- Complete CLI example 62
- HA FWLB with VRRP 73
- Usage notes 78
- Configuring Multizone FWLB 82
- Zone 3Zone 2 84
- Zone1-SI(config)# no span 85
- Failover algorithm 92
- Commands on Zone1-SI-A zone 1 92
- DRAFT: BROCADE CONFIDENTIAL 100
- 53-1002436-01 102
- SI-A SI-A 104
- In this chapter 124
- NAT firewalls 124
- Extra firewall method 129
- Access policy method 130
- Specifying the partner port 134
- Specifying the router ports 134
- Configuring FWLB and SLB 146
- Configuring SLB-to-FWLB 148
- Configuring the real servers 149
- Enabling SLB-to-FWLB 150
- Configuring FWLB-to-SLB 152
- Enabling FWLB-to-SLB 154
- FWLB configuration overview 166
- TCP/UDP port statistics 169
- FWLB path information 172
- Field Description 173
- • 6 – TCP 174
- • 17 – UDP 174
- In this appendix 176
- FWLB selection algorithms 182
- Configuration guidelines 186
- Denying FWLB 187
Related products and manuals for Network switches Brocade Communications Systems ServerIron ADX 12.4.00
(12 pages)
(64 pages)© 2020, manymanuals.com. All rights reserved. | 0.144 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals