Brocade Communications Systems ServerIron ADX 12.4.00 Service Manual Page 141

ServerIron ADX Firewall Load Balancing Guide
53-1002436-01
Configuration example for IronClad FWLB with Layer 3 NAT firewalls
DRAFT: BROCADE CONFIDENTIAL
The server fw-port command identifies the port that connects this ServerIron ADX to its partner. If
you configure a trunk group for the link between the two partners, specify the first port (the primary
port for the group) in the trunk group.
SI-ActiveA(config)# server fw-port 5
The server fw-name commands add the firewalls to the ServerIron ADX. In the commands above,
“fw1” and “fw2” are the firewall names. These names are specific to the ServerIron ADX and do not
need to correspond to any name parameters on the firewalls themselves. The IP addresses are the
addresses of the firewall interfaces with the ServerIron ADX.
SI-ActiveA(config)# server fw-name fw1 192.168.1.2
SI-ActiveA(config-rs-fw1)# exit
SI-ActiveA(config)# server fw-name fw2 192.168.1.3
SI-ActiveA(config-rs-fw2)# exit
The following commands add firewall entries for the hidden NAT addresses. These entries prevent
the ServerIron ADX from load balancing the firewall traffic to these addresses. The ServerIron ADX
forwards a return packet addressed to one of these firewalls directly to the firewall that sent it,
instead of using the hash mechanism to select a path for the traffic.
ServerIronADX-A(config)# server fw-name fw3NAT 192.168.2.10
ServerIronADX-A(config-rs-fw3NAT)# exit
ServerIronADX-A(config)# server fw-name fw4NAT 192.168.2.3
ServerIronADX-A(config-rs-fw4NAT)# exit
The following commands configure the firewall group. The server fw-group 2 command changes the
focus of the CLI to firewall group 2 (IPv4 addresses). The server fw-group 4 command changes the
focus of the CLI to firewall group 4 (IPv6 addresses).
The sym-priority command specifies the priority of this ServerIron ADX with respect to the other
ServerIron ADX for the firewalls in the firewall group. The priority can be from 0 through 255. The
ServerIron ADX with the higher priority is the default active ServerIron ADX for the firewalls within
the group.
NOTE
If you specify 0, the CLI removes the priority. When you save the configuration to the startup-config
file, the sym-priority command is removed. Use this method to remove the priority. You cannot
remove the priority using the no sym-priority command.
The fw-name <firewall-name> command adds the firewalls to the firewall group. Notice that the
firewall entries for the hidden NAT addresses are not added.
SI-ActiveA(config)# server fw-group 2
SI-ActiveA(config-fw-2)# sym-priority 255
SI-ActiveA(config-fw-2)# fw-name fw1
SI-ActiveA(config-fw-2)# fw-name fw2
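The group-membership rules above can be checked mechanically before a change is saved. The following Python sketch is an added example, not Brocade code: it parses a CLI transcript in the form shown on this page and flags hidden NAT entries placed in the firewall group, group members that were never defined, and sym-priority values outside the documented range. The audit function and its hidden_nat argument (the names the operator declares as hidden NAT entries) are assumptions of the example.

```python
# Transcript copied from the commands on this page (prompts included).
SAMPLE = """\
SI-ActiveA(config)# server fw-port 5
SI-ActiveA(config)# server fw-name fw1 192.168.1.2
SI-ActiveA(config-rs-fw1)# exit
SI-ActiveA(config)# server fw-name fw2 192.168.1.3
SI-ActiveA(config-rs-fw2)# exit
ServerIronADX-A(config)# server fw-name fw3NAT 192.168.2.10
ServerIronADX-A(config-rs-fw3NAT)# exit
ServerIronADX-A(config)# server fw-name fw4NAT 192.168.2.3
ServerIronADX-A(config-rs-fw4NAT)# exit
SI-ActiveA(config)# server fw-group 2
SI-ActiveA(config-fw-2)# sym-priority 255
SI-ActiveA(config-fw-2)# fw-name fw1
SI-ActiveA(config-fw-2)# fw-name fw2
"""

def audit(transcript, hidden_nat):
    """Return (findings, group_members); hidden_nat is an operator-supplied set (assumption)."""
    defined, members, findings = {}, [], []
    in_group = False
    for raw in transcript.splitlines():
        cmd = raw.split("#", 1)[-1].split()  # drop the CLI prompt
        if not cmd:
            continue
        if cmd[:2] == ["server", "fw-name"] and len(cmd) == 4:
            defined[cmd[2]] = cmd[3]          # firewall name -> interface address
        elif cmd[:2] == ["server", "fw-group"]:
            in_group = True                   # CLI focus moves to the firewall group
        elif cmd[0] == "exit":
            in_group = False
        elif in_group and cmd[0] == "fw-name" and len(cmd) == 2:
            members.append(cmd[1])
        elif in_group and cmd[0] == "sym-priority" and len(cmd) == 2:
            if not (cmd[1].isdigit() and int(cmd[1]) <= 255):
                findings.append(f"sym-priority {cmd[1]}: must be 0 through 255")
            elif int(cmd[1]) == 0:
                findings.append("sym-priority 0: removes the priority")
    for name in members:
        if name not in defined:
            findings.append(f"{name}: in group but never defined with server fw-name")
        if name in hidden_nat:
            findings.append(f"{name}: hidden NAT entry must not be in the firewall group")
    for name in defined:
        if name not in members and name not in hidden_nat:
            findings.append(f"{name}: defined but neither grouped nor declared hidden NAT")
    return findings, members
```

Called as audit(SAMPLE, {"fw3NAT", "fw4NAT"}), the configuration on this page produces no findings.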
The fwall-info commands add the paths between this ServerIron ADX and the other ServerIron ADXs
through the firewalls. The paths enhance performance by ensuring that a given traffic flow (source
and destination IP addresses) always travels through the same firewall. In configurations that use
asynchronous firewalls, the paths enhance performance by eliminating excess authentications. In
this configuration, each ServerIron ADX has two paths to each of the two firewalls. The fifth path
goes to the router.
The paths are required, even if the firewalls are synchronized.
The first parameter with each command is a path ID. The second parameter is the port number of
the ServerIron ADX port that connects the ServerIron ADX to the firewall in the path.