Brocade Communications Systems ServerIron ADX 12.4.00 Service Manual Page 124
- Page / 188
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
ServerIron ADX Firewall Load Balancing Guide 113
53-1002436-01
DRAFT: BROCADE CONFIDENTIAL
Chapter
5
Configuring FWLB for NAT Firewalls
In this chapter
•NAT firewalls. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
•Configuring basic Layer 3 FWLB for NAT firewalls . . . . . . . . . . . . . . . . . . . . 114
•Configuration example for FWLB with Layer 3 NAT firewalls . . . . . . . . . . . 119
•Configuring IronClad Layer 3 FWLB for NAT. . . . . . . . . . . . . . . . . . . . . . . . . 121
•Configuration example for IronClad FWLB with Layer 3 NAT firewalls . . . . 129
NAT firewalls
Some Layer 3 firewalls perform Network Address Translation (NAT). These firewalls translate private
addresses on the private side of the network into public (Internet) addresses on the public side of
the network.
NOTE
The configuration steps for firewalls that perform NAT are identical to the steps for basic and
IronClad FWLB without NAT, with just one additional step. The additional step disables load
balancing for the NAT addresses.
You can deploy ServerIron ADXs to load balance NAT firewalls in a basic configuration or an
IronClad configuration, just as in the examples in the previous chapters. Configuring the ServerIron
ADXs for NAT requires only one additional step. The additional step disables load balancing for the
NAT addresses, which are the addresses the firewalls use when translating private addresses into
Internet addresses.
You can configure a single ServerIron ADX on each side of the firewalls (as in the basic
configuration example in
Figure 18) or you can configure active-standby pairs of ServerIron ADXs
on each side of the firewalls (as in Figure 19).
Firewalls perform NAT in a couple of ways. The ServerIron ADX supports load balancing for either
method and the ServerIron ADX configuration is the same for each method. You do not need to
know which method your firewalls are using to configure the ServerIron ADXs to load balance for
them.
The methods to perform NAT are as follows:
• Hiding internal addresses behind a single public address – The firewall is configured with a
single Internet address that it uses for clients that initiate traffic from within the private side of
the network. The firewall translates the source address for such traffic from the private
address of the client into the public address. The firewall keeps track of the private addresses
by including a Layer 4 port number from a pool of such numbers. When the firewall receives a
return packet from a destination, the firewall uses the port number to identify the correct
private address and translates the packet’s destination address from the public address into
the correct private address.
- ServerIron ADX 1
- Document History 2
- Contents 3
- About This Document 8
- Document conventions 9
- Notice to the reader 10
- Related publications 11
- ServerIron FWLB Overview 12
- Firewall environments 14
- Load balancing paths 15
- Firewall selection 17
- Hashing mechanism 17
- Stateful FWLB 18
- Health checks 18
- Path health checks 19
- Application health checks 19
- Firewall health check debug 21
- Basic FWLB topology 22
- HA FWLB topology 23
- Failover 24
- Router paths 24
- Multizone FWLB topology 25
- FWLB configuration limits 26
- Configuring Basic FWLB 28
- IPv4 Firewall-1 37
- IPv4 Firewall-2 37
- External 40
- Internal 40
- Firewall-2 42
- Firewall-1 42
- Configuring HA FWLB 48
- Session limits 49
- Session aging 49
- Task Reference 52
- Configuring the firewall port 53
- Configuring the partner port 54
- Configuring the router port 55
- Configuring the firewalls 55
- Adding the firewalls 55
- Connection rate control 57
- Complete CLI example 62
- HA FWLB with VRRP 73
- Usage notes 78
- Configuring Multizone FWLB 82
- Zone 3Zone 2 84
- Zone1-SI(config)# no span 85
- Failover algorithm 92
- Commands on Zone1-SI-A zone 1 92
- DRAFT: BROCADE CONFIDENTIAL 100
- 53-1002436-01 102
- SI-A SI-A 104
- In this chapter 124
- NAT firewalls 124
- Extra firewall method 129
- Access policy method 130
- Specifying the partner port 134
- Specifying the router ports 134
- Configuring FWLB and SLB 146
- Configuring SLB-to-FWLB 148
- Configuring the real servers 149
- Enabling SLB-to-FWLB 150
- Configuring FWLB-to-SLB 152
- Enabling FWLB-to-SLB 154
- FWLB configuration overview 166
- TCP/UDP port statistics 169
- FWLB path information 172
- Field Description 173
- • 6 – TCP 174
- • 17 – UDP 174
- In this appendix 176
- FWLB selection algorithms 182
- Configuration guidelines 186
- Denying FWLB 187
Related products and manuals for Network switches Brocade Communications Systems ServerIron ADX 12.4.00
(12 pages)
(64 pages)© 2020, manymanuals.com. All rights reserved. | 2.256 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals