ServerIron ADX Firewall Load Balancing Guide 121
53-1002436-01
Configuring IronClad Layer 3 FWLB for NAT
5
DRAFT: BROCADE CONFIDENTIAL
CLI commands on ServerIron ADX B (internal)
The following CLI commands configure ServerIron ADX B in Figure 18. Notice that this ServerIron
ADX is not configured to deny load balancing for the NAT addresses used by the firewalls. This
ServerIron ADX sees only the internal addresses, not the NAT addresses.
ServerIronADX-B(config)# hostname ServerIronADX-B
ServerIronADX-B(config)# ip address 10.10.10.30 255.255.255.0
ServerIronADX-B(config)# ip default-gateway 10.10.10.10
ServerIronADX-B(config)# no span
ServerIronADX-B(config)# server fw-name fw1 10.10.10.10
ServerIronADX-B(config-rs-fw1)# exit
ServerIronADX-B(config)# server fw-name fw2 10.10.10.11
ServerIronADX-B(config-rs-fw2)# exit
ServerIronADX-B(config)# server fw-group 2
ServerIronADX-B(config-fw-2)# fw-name fw1
ServerIronADX-B(config-fw-2)# fw-name fw2
ServerIronADX-B(config-fw-2)# fwall-info 1 1 209.157.23.106 10.10.10.10
ServerIronADX-B(config-fw-2)# fwall-info 2 2 209.157.23.106 10.10.10.11
ServerIronADX-B(config-fw-2)# exit
ServerIronADX-B(config)# static-mac-address abcd.da68.6655 ethernet 1 priority 1
router-type
ServerIronADX-B(config)# static-mac-address abcd.da68.6104 ethernet 2 priority 1
router-type
Configuring IronClad Layer 3 FWLB for NAT
Figure 19 shows an example of an IronClad FWLB configuration for Layer 3 NAT firewalls. The
procedures and CLI configuration example in this section are based on this sample configuration.
The configuration steps for firewalls that perform NAT are identical to the steps for basic and
IronClad FWLB without NAT, with just one additional step. The additional step disables load
balancing for the NAT addresses. Refer to “Preventing load balancing of the NAT addresses” on
page 128.
Comments to this Manuals