Technical data

ManualsBrandsBrocade Communications Systems ManualsComputer equipment8/8

121

122

123

124

125

126

127

128

129

130

Configuring FWLB and SLB

Figure 8.2 shows an example of an SLB-to-FWLB configuration.

Figure 8.2 FWLB-to-SLB configuration

For FWLB-to-SLB, all the SLB configuration information is on the internal ServerIron (ServerIron B).

Configuring SLB-to-FWLB

To configure SLB-to-FWLB in a basic FWLB configuration for Layer 3 firewalls, such as the one shown in Figure

8.1, perform the following tasks.

• Configure SLB parameters on the Internet ServerIron

• Configure the real servers

• Configure the virtual server

• Bind the real servers to the virtual server

• Enable the SLB-to-FWLB feature

• Configure global FWLB parameters

• Globally enable FWLB

• Configure firewall parameters

• Define the firewalls and add them to the firewall group

• Configure firewall group parameters

• Configure the paths and add static MAC entries for the firewall interfaces with the ServerIron

NOTE: On the ServerIronXL, you must use the default VLAN (normally VLAN 1) for the FWLB configuration.

WAN Router

Internal

Router

SI-B

SI-A

Internet

192.168.2.200

192.168.1.100

Port e3

Port e5

Port e2

Real Server

192.168.2.50

Real Server

192.168.2.60

Port e1

FW1-IPout

192.168.2.30

MAC:

abcd.4321.34e2

FW1-IPout

192.168.2.40

MAC:

abcd.4321.34e3

MAC:

abcd.4321.34e0

FW1-IPin

192.168.1.30

MAC:

abcd.4321.34e1

FW2-IPin

192.168.1.40

FW-2

FW-1

SLB Configuration

- Real Servers 192.168.2.50 and 192.168.2.60

- Real Servers can be defined as local because

proxy ARP is enabled on the Internal Router

- Virtual Server 192.168.2.2

- Servers bound by TCP port 80

- FWLB-to-SLB is enabled

NOTE: All SLB configuration

is on the Internal ServerIron

(ServerIron B)