Technical data
Firewall Load Balancing Guide
A - 4 © 2012 Brocade Communications Systems, Inc. May 31, 2012
Configure the following command, to prevent this condition:
ServerIron# server fw-allow-dynamic-port-change
This command allows the firewall path health checks to be sent to the correct port where the firewall ARP is learnt
and update the firewall path accordingly to reflect the new interface where the firewall can now be reached.
NOTE: For the complete CLI example, see.... The example in the Guide does not use the wildcard in the firewall
paths and the firewalls do not have active-standby NICS, but the other aspects of the configurations are the same.
Customizing Path Health Checks
This appendix describes the health checks for firewall and router paths and how to change their configuration.
By default, the ServerIron checks the health of each firewall and router path by sending an ICMP ping on the path
every 400 milliseconds.
• If the ServerIron receives one or more responses within 1.2 seconds, the ServerIron concludes that the path
is healthy.
• Otherwise, the ServerIron reattempts the health check by sending another ping. By default, the ServerIron
reattempts an unanswered path health check up to three times before concluding that the path is unhealthy.
You can change the maximum number of retries for the Layer 3 health checks of firewall and router paths. You also
can enable Layer 4 path health checks for the firewall paths.
NOTE: This chapter describes how to configure path health checks but not application health checks. To
configure a Layer 4 or Layer 7 application health check, use the procedures in the "Configuring Health Checks"
section of the "Configuring Port and Health Check Parameters" chapter in the Foundry ServerIron Installation and
Configuration Guide. To configure a Layer 4 or Layer 7 application health check, use the procedures in the "Health
Checks" chapter of the ServerIron TrafficWorks Server Load Balancing Guide.
Changing the Maximum Number of Layer 3 Path Health-Check
Retries
By default, the ServerIron checks the health of each firewall and router path by sending an ICMP ping on the path
every 400 milliseconds.
• If the ServerIron receives one or more responses within 1.2 seconds, the ServerIron concludes that the path
is healthy.
• Otherwise, the ServerIron reattempts the health check by sending another ping. By default, the ServerIron
reattempts an unanswered path health check up to three times before concluding that the path is unhealthy.
You can change the maximum number of retries to a value from 3 – 31 (ServerIron Chassis devices) or 8 – 31 (all
other ServerIron models).
To change the maximum number of FWLB path health check attempts, enter a command such as the following at
the firewall level of the CLI:
ServerIron(config-tc-2)# fw-health-check icmp 20
Syntax: [no] fw-health-check icmp <num>
The <num> parameter specifies the maximum number of retries and can be a number from 3 – 31 (ServerIron
Chassis devices) or 8 – 31 (all other ServerIron models). The default is 3 for ServerIron Chassis devices, 8 for all
other ServerIron models.