Manualshelf

Technical data

ManualsBrandsBrocade Communications Systems ManualsComputer equipment8/8
151152153154155156157158159160
Firewall Load Balancing Guide
10 - 8 © 2012 Brocade Communications Systems, Inc. May 31, 2012
NOTE: If you enter the command at the global CONFIG level, the static MAC entry applies to the default port-
based VLAN (VLAN 1). If you enter the command at the configuration level for a specific port-based VLAN, the
entry applies to that VLAN and not to the default VLAN.
Configuring the ServerIron Priority
If you are configuring the ServerIron for IronClad FWLB, you need to specify the priority for the firewalls within the
firewall group. The priority determines which of the partner ServerIrons that are configured together for IronClad
FWLB is the default active ServerIron for the firewalls within the group.
You can specify a priority from 0 – 255. The ServerIron with the higher priority is the default active ServerIron for
the firewalls within the firewall group.
USING THE CLI
To configure a ServerIron to be the default active ServerIron for the firewalls in group 2, enter the following
commands.
Commands for Active ServerIron A (External Active)
SI-ActiveA(config)# server fw-group 2
SI-ActiveA(config-tc-2)# sym-priority 255
Commands for Standby ServerIron A (External Standby)
To configure another ServerIron to not be the default active ServerIron for the firewalls in group 2, enter the
following commands:
SI-StandbyA(config)# server fw-group 2
SI-StandbyA(config-tc-2)# sym-priority 1
Commands for Active ServerIron B (Internal Active)
SI-ActiveB(config)# server fw-group 2
SI-ActiveB(config-tc-2)# sym-priority 255
Commands for Standby ServerIron B (Internal Standby)
SI-StandbyB(config)# server fw-group 2
SI-StandbyB(config-tc-2)# sym-priority 1
Command Syntax
Syntax: [no] sym-priority <num>
The priority can be from 0 – 255.
NOTE: If you specify 0, the CLI removes the priority. When you save the configuration to the startup-config file,
the sym-priority command is removed. Use this method to remove the priority. You cannot remove the priority
using the no sym-priority command.
Enabling FWLB
To enable FWLB, you configure global IP policies. FWLB for TCP and UDP is controlled independently, so you
need to configure a separate global IP policy for each type of traffic.
When you enable FWLB for TCP or UDP globally, all ports that are in the firewall group are enabled for FWLB. All
ServerIron ports are in firewall group 2 by default. Thus, if you enable FWLB globally, it affects all physical ports
unless you remove ports from firewall groups.