Technical data
Firewall Load Balancing Guide
6 - 36 © 2012 Brocade Communications Systems, Inc. May 31, 2012
Zone2-SI-S(config-tc-2)# exit
Zone2-SI-S(config)# access-list 3 permit 10.10.3.0 0.0.0.255
Zone2-SI-S(config)# access-list 3 permit 10.10.6.0 0.0.0.255
Zone2-SI-S(config)# server fw-group 2
Zone2-SI-S(config-tc-2)# fwall-zone zone3 3 3
Zone2-SI-S(config-tc-2)# exit
Zone2-SI-S(config)# server real-name rs1 10.10.8.40
Zone2-SI-S(config-rs-rs1)# port http
Zone2-SI-S(config-rs-rs1)# exit
Zone2-SI-S(config)# server real-name rs1 10.10.8.42
Zone2-SI-S(config-rs-rs2)# port http
Zone2-SI-S(config-rs-rs2)# exit
Zone2-SI-S(config)# server virtual www.rs.com 10.10.8.10
Zone2-SI-S(config-vs-www.rs.com)# port http
Zone2-SI-S(config-vs-www.web.com)# bind http rs1 http rs2 http
Zone2-SI-S(config-vs-www.web.com)# exit
Zone2-SI-S(config)# server fw-slb
Zone2-SI-S(config)# ip l4-policy 1 fw tcp 0 global
Zone2-SI-S(config)# ip l4-policy 2 fw udp 0 global
Zone2-SI-S(config)# write memory
Commands on Zone 3’s ServerIron (Zone3-SI-A)
Here are the commands for configuring the ServerIron in zone 3.
ServerIron> enable
ServerIron# configure terminal
ServerIron(config)# hostname Zone3-SI-A
Zone3-SI-A(config)# vlan 1
Zone3-SI-A(config-vlan-1)# untagged ethernet 4/1 to 4/12
Zone3-SI-A(config-vlan-1)# router-interface ve 1
Zone3-SI-A(config-vlan-1)# exit
Zone3-SI-A(config)# interface ve 1
Zone3-SI-A(config-ve-1)# ip address 10.10.3.111 255.255.255.0
Zone3-SI-A(config-ve-1)# exit
Zone3-SI-A(config)# vlan 2
Zone3-SI-A(config-vlan-2)# untagged ethernet 4/13 to 4/24
Zone3-SI-A(config-vlan-2)# router-interface ve 2
Zone3-SI-A(config-vlan-2)# exit
Zone3-SI-A(config)# interface ve 2
Zone3-SI-A(config-ve-1)# ip address 10.10.6.101 255.255.255.0
Zone3-SI-A(config-ve-1)# exit
Zone3-SI-A(config)# ip route 0.0.0.0 0.0.0.0 10.10.3.1
Zone3-SI-A(config)# server fw-name fw1 10.10.3.1
Zone3-SI-A(config-rs-fw1)# port http
Zone3-SI-A(config-rs-fw1)# port http no-health-check
Zone3-SI-A(config-rs-fw1)# port ftp
Zone3-SI-A(config-rs-fw1)# port ftp no-health-check
Zone3-SI-A(config-rs-fw1)# port snmp
Zone3-SI-A(config-rs-fw1)# port snmp no-health-check
Zone3-SI-A(config-rs-fw1)# exit
Zone3-SI-A(config)# server fw-name fw2 10.10.3.2
Zone3-SI-A(config-rs-fw2)# port http
Zone3-SI-A(config-rs-fw2)# port http no-health-check
Zone3-SI-A(config-rs-fw2)# port ftp
Zone3-SI-A(config-rs-fw2)# port ftp no-health-check
Zone3-SI-A(config-rs-fw2)# port snmp
Zone3-SI-A(config-rs-fw2)# port snmp no-health-check
Zone3-SI-A(config-rs-fw2)# exit