114 ServerIron ADX Firewall Load Balancing Guide
53-1002436-01
Configuring basic Layer 3 FWLB for NAT firewalls
5
DRAFT: BROCADE CONFIDENTIAL
• Static translation – For traffic from a client inside the private network to a destination on the
Internet, the firewall translates the private address into a unique Internet address. Likewise, for
traffic from the Internet, the firewall translates the public address into a private address. Unlike
the previous method, the static method assigns a different, unique Internet address for each
client in the private network. The previous method uses a common Internet address for all
private addresses.
Configuring basic Layer 3 FWLB for NAT firewalls
Figure 18 shows an example of a basic FWLB configuration for Layer 3 NAT firewalls. The
procedures and CLI configuration example in this section are based on this sample configuration.
The configuration steps for firewalls that perform NAT are identical to the steps for basic and
IronClad FWLB without NAT, with just one additional step. The additional step disables load
balancing for the NAT addresses. Refer to “Preventing load balancing of the NAT addresses” on
page 118.
FIGURE 18 FWLB for Layer 3 firewalls performing NAT—basic configuration
To configure basic Layer 3 FWLB for NAT firewalls, perform the tasks shown in Table 6.
SI-A
SI-B
WAN Router
209.157.23.106/24
Port e1
Port e2
209.157.23.108/24
NAT:
209.157.23.110/24
FW1
FW2
209.157.23.109/24
NAT:
209.157.23.107/24
10.10.10.10/24
10.10.10.11/24
Port e1
Port e2
10.10.10.20/24 10.10.10.21/24
10.10.10.30/24
Internet
TABLE 6 Basic FWLB for NAT firewalls configuration tasks
Task Reference
Configure global parameters
Configure firewall parameters
Define the firewalls and add them to the firewall group page 115
Comments to this Manuals