Firewall Load Balancing Guide
7 - 4 © 2012 Brocade Communications Systems, Inc. May 31, 2012
Command Syntax
Syntax: [no] server fw-name <string> <ip-addr>
NOTE: When you add a firewall name, the CLI level changes to the Firewall level. This level is used when you
are configuring stateful FWLB.
Syntax: server fw-group 2
This command changes the CLI to firewall group configuration level. The firewall group number is 2. Only one
firewall group is supported.
Syntax: [no] fw-name <string>
Adds a configured firewall to the firewall group.
Configuring the Paths and Adding Static MAC Entries
A path is configuration information the ServerIron uses to ensure that a given source and destination IP pair is
always authenticated by the same Layer 3 firewall.
Each path consists of the following parameters:
• The path ID – A number that identifies the path. The paths go from one ServerIron to the other through the
firewalls.
• The ServerIron port – The number of the port that connects the ServerIron to the firewall.
• The other ServerIron’s or Layer 2 switch’s IP address – The management address of the ServerIron or
Layer 2 switch on the other side of the firewall. The ServerIron on the private network side and the other
ServerIron or Layer 2 switch are the end points of the data path through the firewall.
• The next-hop IP address – The IP address of the firewall interface connected to this ServerIron.
For each type of firewall (Layer 3 synchronous and asynchronous, with or without NAT), you must configure paths
between the ServerIrons through the firewalls.
In addition to configuring the paths, you need to create a static MAC entry for each firewall interface attached to
the ServerIron.
NOTE: FWLB paths must be fully meshed. When you configure a FWLB path on a ServerIron, make sure you
also configure a reciprocal path on the ServerIron attached to the other end of the firewalls. For example, if you
configure four paths to four separate firewalls, make sure you configure four paths on the other ServerIron.
NOTE: The static MAC entries are required. You must add a static MAC entry for each firewall interface attached to
the ServerIron.
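The two requirements in the notes above can be checked offline against saved configurations. The following is an added example, not code from the Brocade guide: it assumes the four `fwall-info` arguments follow the order of the parameter list in this section and that reciprocal paths share a path ID. The ServerIron B configuration is constructed with placeholder addresses.

```python
import re

# fwall-info <path-id> <port> <other-ServerIron-IP> <next-hop-IP>; the argument
# order is assumed from the parameter list in this section.
FWALL = re.compile(r"fwall-info\s+(\d+)\s+(\S+)\s+(\S+)\s+(\S+)")
SMAC = re.compile(r"static-mac-address\s+(\S+)\s+ethernet\s+(\S+)")

def parse(config):
    """Return (paths, mac_ports); paths maps path ID -> (port, peer IP, next hop)."""
    paths, mac_ports = {}, set()
    for line in config.splitlines():
        if m := FWALL.search(line):
            paths[int(m[1])] = (m[2], m[3], m[4])
        elif m := SMAC.search(line):
            mac_ports.add(m[2])
    return paths, mac_ports

def check_fwlb(name_a, cfg_a, name_b, cfg_b):
    """List violations of the static-MAC and reciprocal-path requirements."""
    (paths_a, macs_a), (paths_b, macs_b) = parse(cfg_a), parse(cfg_b)
    findings = []
    for name, paths, macs in ((name_a, paths_a, macs_a), (name_b, paths_b, macs_b)):
        for pid, (port, _peer, _hop) in sorted(paths.items()):
            if port not in macs:
                findings.append(f"{name}: path {pid} uses port {port} without a static MAC entry")
    # Assumption of this example: reciprocal paths carry the same path ID.
    for pid in sorted(set(paths_a) - set(paths_b)):
        findings.append(f"{name_b}: no reciprocal path for {name_a} path {pid}")
    for pid in sorted(set(paths_b) - set(paths_a)):
        findings.append(f"{name_a}: no reciprocal path for {name_b} path {pid}")
    return findings

# ServerIron A lines as they appear in this section (prompts removed).
CFG_A = """\
server fw-group 2
fwall-info 1 1 10.10.10.30 209.157.23.108
fwall-info 2 2 10.10.10.30 209.157.23.109
static-mac-address abcd.da10.dc2c ethernet 1 high-priority router-type
static-mac-address abcd.da10.dc3f ethernet 2 high-priority
"""
# Constructed ServerIron B config (addresses and MAC are placeholders): one path
# is missing and the static MAC entry is on the wrong port.
CFG_B = """\
server fw-group 2
fwall-info 1 1 192.0.2.10 192.0.2.108
static-mac-address 0000.5e00.5301 ethernet 2 high-priority router-type
"""

if __name__ == "__main__":
    for finding in check_fwlb("ServerIron-A", CFG_A, "ServerIron-B", CFG_B):
        print(finding)
```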
To configure a path and add static MAC entries, use one of the following methods.
USING THE CLI
To configure the paths and static MAC entries for the configuration shown in Figure 3.2 on page 3-7, enter the
following commands. Enter the first group of commands on ServerIron A. Enter the second group of commands on
ServerIron B.
Commands for ServerIron A (External)
ServerIron-A(config)# server fw-group 2
ServerIron-A(config-tc-2)# fwall-info 1 1 10.10.10.30 209.157.23.108
ServerIron-A(config-tc-2)# fwall-info 2 2 10.10.10.30 209.157.23.109
ServerIron-A(config-tc-2)# exit
ServerIron-A(config)# static-mac-address abcd.da10.dc2c ethernet 1 high-priority router-type
ServerIron-A(config)# static-mac-address abcd.da10.dc3f ethernet 2 high-priority