Brocade Communications Systems ServerIron ADX 12.4.00 Service Manual Page 85
- Page / 188
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
74 ServerIron ADX Firewall Load Balancing Guide
53-1002436-01
Configuration example for basic multizone FWLB
4
DRAFT: BROCADE CONFIDENTIAL
• Configure a standard ACL for each zone that the ServerIron ADX is not a member, except
zone
1.
The ACLs identify the IP addresses or address ranges in the other zones. If you leave zone 1
undefined, all IP addresses that are not in this ServerIron ADX’s own sub-net and are not
members of zones configured on the ServerIron ADX are assumed to be members of zone 1.
If the ServerIron ADX is a member of zone 1, configure a standard ACL for all but one of the
other zones. In this example, configure an ACL for the DMZ zone (zone 2). The ServerIron ADX
will forward traffic that is not addressed to its own sub-net (zone 1), and not addressed to
zone 2, to the other zone (zone 3) automatically.
• Configure firewall group parameters:
- Configure the zones. Each zone definition consists of a number, an optional name, and
the ACL that specifies the IP addresses in the zone. See Table 3 for the maximum number
of zones and paths supported on the ServerIron ADX ADX.
- Configure the paths and add static MAC entries for the firewall interfaces with the
ServerIron ADX. Configure a separate path through each firewall to each ServerIron ADX.
You also must configure a path from each ServerIron ADX to the routers attached to the
ServerIron ADX.
• Save the configuration to the startup-config file.
Configuration example for basic multizone FWLB
The following sections show all the ServerIron ADX commands you would enter on each ServerIron
ADX to implement the configuration shown in
Figure 13 on page 73.
Most of the configuration tasks for multizone FWLB are the same as the tasks for other FWLB
configurations.
Commands on ServerIron ADX Zone1-SI
The following commands configure ServerIron ADX “Zone1-SI” in zone 1 in Figure 13 on page 73.
The first set of commands changes the device name, configures the management IP address, and
specifies the default gateway. Notice that the management IP address is in the same sub-net as
the firewall interface with the ServerIron ADX. If the ServerIron ADX and the firewall are in different
sub-nets, you need to configure source IP addresses and enable source NAT.
In this configuration, the default gateway is the IP address of one of the firewall interfaces with the
ServerIron ADX. In this case, the IP address is the address of firewall FW1’s interface with this
ServerIron ADX.
ServerIronADX(config)# hostname Zone1-SI
Zone1-SI(config)# ip address 209.157.24.13 255.255.255.0
Zone1-SI(config)# ip default-gateway 209.157.24.1
The following command disables the Spanning Tree Protocol (STP). You must disable STP on all the
devices in this type of FWLB configuration.
Zone1-SI(config)# no span
- ServerIron ADX 1
- Document History 2
- Contents 3
- About This Document 8
- Document conventions 9
- Notice to the reader 10
- Related publications 11
- ServerIron FWLB Overview 12
- Firewall environments 14
- Load balancing paths 15
- Firewall selection 17
- Hashing mechanism 17
- Stateful FWLB 18
- Health checks 18
- Path health checks 19
- Application health checks 19
- Firewall health check debug 21
- Basic FWLB topology 22
- HA FWLB topology 23
- Failover 24
- Router paths 24
- Multizone FWLB topology 25
- FWLB configuration limits 26
- Configuring Basic FWLB 28
- IPv4 Firewall-1 37
- IPv4 Firewall-2 37
- External 40
- Internal 40
- Firewall-2 42
- Firewall-1 42
- Configuring HA FWLB 48
- Session limits 49
- Session aging 49
- Task Reference 52
- Configuring the firewall port 53
- Configuring the partner port 54
- Configuring the router port 55
- Configuring the firewalls 55
- Adding the firewalls 55
- Connection rate control 57
- Complete CLI example 62
- HA FWLB with VRRP 73
- Usage notes 78
- Configuring Multizone FWLB 82
- Zone 3Zone 2 84
- Zone1-SI(config)# no span 85
- Failover algorithm 92
- Commands on Zone1-SI-A zone 1 92
- DRAFT: BROCADE CONFIDENTIAL 100
- 53-1002436-01 102
- SI-A SI-A 104
- In this chapter 124
- NAT firewalls 124
- Extra firewall method 129
- Access policy method 130
- Specifying the partner port 134
- Specifying the router ports 134
- Configuring FWLB and SLB 146
- Configuring SLB-to-FWLB 148
- Configuring the real servers 149
- Enabling SLB-to-FWLB 150
- Configuring FWLB-to-SLB 152
- Enabling FWLB-to-SLB 154
- FWLB configuration overview 166
- TCP/UDP port statistics 169
- FWLB path information 172
- Field Description 173
- • 6 – TCP 174
- • 17 – UDP 174
- In this appendix 176
- FWLB selection algorithms 182
- Configuration guidelines 186
- Denying FWLB 187
Related products and manuals for Network switches Brocade Communications Systems ServerIron ADX 12.4.00
(12 pages)
(64 pages)© 2020, manymanuals.com. All rights reserved. | 0.085 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals