Technical data
Firewall Load Balancing Guide
7 - 2 © 2012 Brocade Communications Systems, Inc. May 31, 2012
NOTE: The configuration steps for firewalls that perform NAT are identical to the steps for basic and IronClad
FWLB without NAT, with just one additional step. The additional step disables load balancing for the NAT
addresses. See “Preventing Load Balancing of the NAT Addresses” on page 7-5.
Figure 7.1 FWLB for Layer 3 firewalls performing NAT—basic configuration
To configure basic Layer 3 FWLB for NAT firewalls, perform the following tasks.
Enabling FWLB
To enable FWLB, you configure global IP policies. FWLB for TCP and UDP is controlled independently, so you
need to configure a separate global IP policy for each type of traffic.
When you enable FWLB for TCP or UDP globally, all ports that are in the firewall group are enabled for FWLB. All
ServerIron ports are in firewall group 2 by default. Thus, if you enable FWLB globally, it affects all physical ports
unless you remove ports from firewall groups.
Table 7.1: Configuration tasks – Basic FWLB for NAT Firewalls
Task See page...
Configure Global Parameters
Globally enable FWLB 7-2
Configure Firewall Parameters
Define the firewalls and add them to the firewall group 7-3
Configure Firewall Group Parameters
Configure the paths and add static MAC entries for the firewall interfaces with the ServerIron 7-4
Configure NAT Address Parameters
Disable load balancing for the NAT addresses 7-5
WAN Router
SI-B
SI-A
Internet
10.10.10.21/2410.10.10.20/24
10.10.10.30/24
209.157.23.106/24
Port e1
Port e2
Port e2
Port e1
10.10.10.11/2410.10.10.10/24
NAT:
209.157.23.110/24
209.157.23.108/24
209.157.23.109/24
NAT:
209.157.23.107/24
FW-2
FW-1