Technical data
Firewall Load Balancing Guide
3 - 10 © 2012 Brocade Communications Systems, Inc. May 31, 2012
In this example,
Figure 3.5 shows an example of Multizone HA FWLB.
Figure 3.5 Multizone HA FWLB
Configuration Guidelines
NOTE: Move the following to the configuration chapter
Use the following guidelines when configuring a ServerIron for FWLB.
• The ServerIron supports one firewall group, group 2. By default, all ServerIron ports belong to this firewall
group.
• You must configure a separate path on each ServerIron for each firewall. The paths ensure that firewall traffic
with a given pair of source and destination IP addresses flows through the same firewall each time. Thus, the
paths reduce firewall overhead by eliminating unnecessary revalidations.
NOTE: Path configuration is required for all load balancing configurations, whether the firewalls are
synchronous or asynchronous.
• You cannot use the features described in the "Configuring Layer 7 Switching" chapter of the Foundry
ServerIron Installation and Configuration Guide and FWLB on the same ServerIron.
Configuration Guidelines for FWLB in IronCore Systems
Use the following guidelines to configure FWLB in IronCore systems. Refer to the ServerIron Chassis L4-7
Configuration Guide for additional detail and any known limitations.
SI-B
SI-D
SI-A
SI-C
Layer 3
Firewall-1
Layer 3
Fir
e
w
a
ll-
2
Firewall-2
External Router
DMZ Router
Internal Router
Zone 1
Zone 2 Zone 3
SI-
SI-