Brocade Communications Systems ServerIron ADX 12.4.00 Service Manual Page 129
- Page / 188
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
118 ServerIron ADX Firewall Load Balancing Guide
53-1002436-01
Configuring basic Layer 3 FWLB for NAT firewalls
5
DRAFT: BROCADE CONFIDENTIAL
Syntax: [no] static-mac-address <mac-addr> ethernet <portnum> [priority <0-7>] [host-type |
router-type]
The priority can be from 0 through 7 (0 is lowest and 7 is highest). The defaults are host-type and 0.
NOTE
The static MAC entries are required. You must add a static MAC entry for each firewall interface with
the ServerIron ADX. In addition, you must use the priority 1 and router-type parameters with the
static-mac-address command. These parameters enable the ServerIron ADX to use the address for
FWLB.
NOTE
If you enter the static-mac-address command at the global CONFIG level, the static MAC entry
applies to the default port-based VLAN (VLAN 1). If you enter the static-mac-address command at
the configuration level for a specific port-based VLAN, the entry applies to that VLAN and not to the
default VLAN.
Preventing load balancing of the NAT addresses
When you configure ServerIron ADXs for load balancing traffic across NAT firewalls, you must
disable load balancing on the NAT addresses themselves. You can use either of the following
methods to do so. Each method is equally valid and only one of the methods is required. You need
to use one of these methods only on the ServerIron ADX connected to the external network, not the
ServerIron ADX on the internal side of the network.
The methods for preventing load balancing of the NAT addresses are as follows:
• Configure the NAT addresses as firewall addresses, but do not configure paths for the
addresses. (This is shown in the "Extra Firewall Method" section.)
• Configure IP access policies (filters) to deny load balancing for traffic addressed to the NAT
addresses. (This is shown in the "Access Policy Method" section.)
NOTE
In FWLB configurations, the IP policies do not block traffic altogether. They deny load balancing
for the traffic. Thus, the ServerIron ADX does not load balance packets addressed to the NAT
addresses, but instead sends the traffic only to the firewall that originally sent the traffic.
Extra firewall method
To disable load balancing for the NAT addresses by adding firewalls for the addresses, enter
commands such as the following.
NOTE
Do not configure paths for the firewalls.
ServerIronADX-A(config)# server fw-name fw3NAT 209.157.23.107
ServerIronADX-A(config-rs-fw3NAT)# exit
ServerIronADX-A(config)# server fw-name fw4NAT 209.157.23.110
ServerIronADX-A(config-rs-fw4NAT)# exit
- ServerIron ADX 1
- Document History 2
- Contents 3
- About This Document 8
- Document conventions 9
- Notice to the reader 10
- Related publications 11
- ServerIron FWLB Overview 12
- Firewall environments 14
- Load balancing paths 15
- Firewall selection 17
- Hashing mechanism 17
- Stateful FWLB 18
- Health checks 18
- Path health checks 19
- Application health checks 19
- Firewall health check debug 21
- Basic FWLB topology 22
- HA FWLB topology 23
- Failover 24
- Router paths 24
- Multizone FWLB topology 25
- FWLB configuration limits 26
- Configuring Basic FWLB 28
- IPv4 Firewall-1 37
- IPv4 Firewall-2 37
- External 40
- Internal 40
- Firewall-2 42
- Firewall-1 42
- Configuring HA FWLB 48
- Session limits 49
- Session aging 49
- Task Reference 52
- Configuring the firewall port 53
- Configuring the partner port 54
- Configuring the router port 55
- Configuring the firewalls 55
- Adding the firewalls 55
- Connection rate control 57
- Complete CLI example 62
- HA FWLB with VRRP 73
- Usage notes 78
- Configuring Multizone FWLB 82
- Zone 3Zone 2 84
- Zone1-SI(config)# no span 85
- Failover algorithm 92
- Commands on Zone1-SI-A zone 1 92
- DRAFT: BROCADE CONFIDENTIAL 100
- 53-1002436-01 102
- SI-A SI-A 104
- In this chapter 124
- NAT firewalls 124
- Extra firewall method 129
- Access policy method 130
- Specifying the partner port 134
- Specifying the router ports 134
- Configuring FWLB and SLB 146
- Configuring SLB-to-FWLB 148
- Configuring the real servers 149
- Enabling SLB-to-FWLB 150
- Configuring FWLB-to-SLB 152
- Enabling FWLB-to-SLB 154
- FWLB configuration overview 166
- TCP/UDP port statistics 169
- FWLB path information 172
- Field Description 173
- • 6 – TCP 174
- • 17 – UDP 174
- In this appendix 176
- FWLB selection algorithms 182
- Configuration guidelines 186
- Denying FWLB 187
Related products and manuals for Network switches Brocade Communications Systems ServerIron ADX 12.4.00
(12 pages)
(64 pages)© 2020, manymanuals.com. All rights reserved. | 0.786 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals