Technical data
May 31, 2012 © 2012 Brocade Communications Systems, Inc. 8 - 1
Chapter 8
Configuring FWLB and SLB
NOTE: This chapter shows basic FWLB configurations with Layer 3 firewalls. Currently, these are the
configurations supported by the ServerIron. If you need to perform concurrent SLB and FWLB in a different type of
FWLB configuration, contact Brocade Communications Systems.
You can configure the ServerIron to concurrently perform FWLB and SLB at the same time. The software supports
the following configurations:
• SLB-to-FWLB – The ServerIron on the Internet side of the firewalls performs FWLB for traffic directed toward
real servers connected to the ServerIron on the private side of the firewalls. In this configuration, all the SLB
configuration (virtual IP address, real server, and port bindings) resides on the Internet ServerIron. The real
servers are configured as remote servers. In addition, the SLB-to-FWLB feature is enabled on the Internet
ServerIron. The internal ServerIron is configured for FWLB but requires no additional configuration.
• FWLB-to-SLB – The internal ServerIron (the one on the private side of the firewalls) contains all the SLB
configuration information. In this configuration, the FWLB-to-SLB feature is enabled on this ServerIron rather
than the Internet ServerIron. This configuration enables the internal ServerIron to learn the firewall from which
a client request is received and send the server reply back through the same firewall.
Your choice of implementation depends on the ServerIron you want to use for the SLB configuration. Use SLB-to-
FWLB is you want to place the SLB configuration on the Internet ServerIron. Use FWLB-to-SLB is you want to
place the SLB configuration on the internal ServerIron.
NOTE: You must use hash-based FWLB (the default) if you use either of these features. The ServerIron does not
support stateful FWLB with these features.
NOTE: On the ServerIronXL, you must use the default VLAN (normally VLAN 1) for the FWLB configuration.