Technical data

Configuring FWLB for NAT Firewalls
May 31, 2012 © 2012 Brocade Communications Systems, Inc. 7 - 11
Defining the Firewalls and Adding them to the Firewall Group
When FWLB is enabled, all the ServerIron ports are in firewall group 2 by default. However, you need to add an
entry for each firewall. To add an entry for a firewall, specify the firewall name and IP address. You can specify a
name up to 32 characters long. After you add the firewall entries, add the firewalls to the firewall group.
To define the firewalls shown in Figure 7.2 on page 7-9, use the following method.
USING THE CLI
To define the firewalls using the CLI, enter the following commands:
Commands for Active ServerIron A (External Active)
SI-ActiveA(config)# server fw-name fw1 192.168.1.2
SI-ActiveA(config-rs-fw1)# exit
SI-ActiveA(config)# server fw-name fw2 192.168.1.3
SI-ActiveA(config-rs-fw2)# exit
SI-ActiveA(config)# server fw-group 2
SI-ActiveA(config-tc-2)# fw-name fw1
SI-ActiveA(config-tc-2)# fw-name fw2
Commands for Standby ServerIron A (External Standby)
SI-StandbyA(config)# server fw-name fw1 192.168.2.2
SI-StandbyA(config-rs-fw1)# exit
SI-StandbyA(config)# server fw-name fw2 192.168.2.3
SI-StandbyA(config-rs-fw2)# exit
SI-StandbyA(config)# server fw-group 2
SI-StandbyA(config-tc-2)# fw-name fw1
SI-StandbyA(config-tc-2)# fw-name fw2
Commands for Active ServerIron B (Internal Active)
SI-ActiveB(config)# server fw-name fw1 4.4.4.10
SI-ActiveB(config-rs-fw1)# exit
SI-ActiveB(config)# server fw-name fw2 4.4.4.11
SI-ActiveB(config-rs-fw2)# exit
SI-ActiveB(config)# server fw-group 2
SI-ActiveB(config-tc-2)# fw-name fw1
SI-ActiveB(config-tc-2)# fw-name fw2
Commands for Standby ServerIron B (Internal Standby)
SI-StandbyB(config)# server fw-name fw1 3.3.3.10
SI-StandbyB(config-rs-fw1)# exit
SI-StandbyB(config)# server fw-name fw2 3.3.3.11
SI-StandbyB(config-rs-fw2)# exit
SI-StandbyB(config)# server fw-group 2
SI-StandbyB(config-tc-2)# fw-name fw1
SI-StandbyB(config-tc-2)# fw-name fw2
Command Syntax
Syntax: [no] server fw-name <string> <ip-addr>
NOTE: When you add a firewall name, the CLI level changes to the Firewall level. This level is used when you
are configuring stateful FWLB.
Syntax: server fw-group 2
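The following is an added example, not part of the Brocade guide: a small Python check that reads a pasted configuration transcript in the prompt format shown above and reports firewalls that were defined but never added to firewall group 2, group members that were never defined, names over 32 characters, and malformed addresses. The function name lint_fwlb, the hostname SI-Lab and the 192.0.2.x addresses are constructed for this example.

```python
import ipaddress
import re

# Prompt shapes as printed on this page: "SI-ActiveA(config)# ...", "...(config-tc-2)# ..."
PROMPT = re.compile(r"^(?P<host>[\w-]+)\((?P<mode>[\w-]+)\)#\s*(?P<cmd>.+)$")
MAX_NAME = 32  # name length limit stated on the page

def lint_fwlb(transcript):
    """Return (host, problem) tuples found in a pasted configuration transcript."""
    defined, grouped, problems = {}, {}, []
    for raw in transcript.splitlines():
        m = PROMPT.match(raw.strip())
        if not m:
            continue  # not a CLI prompt line
        host, mode, cmd = m["host"], m["mode"], m["cmd"].split()
        names = defined.setdefault(host, set())
        members = grouped.setdefault(host, set())
        if mode == "config" and cmd[:2] == ["server", "fw-name"] and len(cmd) == 4:
            name, addr = cmd[2], cmd[3]
            names.add(name)
            if len(name) > MAX_NAME:
                problems.append((host, f"{name}: name longer than {MAX_NAME} characters"))
            try:
                ipaddress.IPv4Address(addr)
            except ValueError:
                problems.append((host, f"{name}: invalid IP address {addr}"))
        elif mode == "config" and cmd[0] == "fw-group":
            # The documented syntax is "server fw-group 2".
            problems.append((host, "fw-group entered without the server keyword"))
        elif mode == "config-tc-2" and cmd[0] == "fw-name" and len(cmd) == 2:
            members.add(cmd[1])
    # Cross-check definitions against group membership, per device.
    for host, names in defined.items():
        for name in sorted(names - grouped[host]):
            problems.append((host, f"{name}: defined but not added to firewall group 2"))
        for name in sorted(grouped[host] - names):
            problems.append((host, f"{name}: in firewall group 2 but never defined"))
    return problems

# Constructed sample transcript (hostname and addresses are made up for this example).
SAMPLE = """\
SI-Lab(config)# server fw-name fw1 192.0.2.2
SI-Lab(config-rs-fw1)# exit
SI-Lab(config)# server fw-name fw2 192.0.2.300
SI-Lab(config-rs-fw2)# exit
SI-Lab(config)# server fw-group 2
SI-Lab(config-tc-2)# fw-name fw1
SI-Lab(config-tc-2)# fw-name fw3
"""

if __name__ == "__main__":
    for host, problem in lint_fwlb(SAMPLE):
        print(f"{host}: {problem}")
```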