Technical data
May 31, 2012 © 2012 Brocade Communications Systems, Inc. 4 - 1
Chapter 4
Configuring Basic FWLB
This chapter describes how to implement commonly used configurations for the following:
• Basic FWLB (configuration without ServerIron redundancy)
• IronClad (active-standby configuration with ServerIron redundancy)
Configuring Basic Layer 3 FWLB
Basic FWLB uses a single ServerIron on the enterprise side of the load balanced firewalls and another ServerIron
on the Internet side. Figure 3.2 on page 3-7 shows an example of this type of configuration.
Configuring Basic Layer 3 FWLB
To configure basic Layer 3 FWLB, perform the following tasks.
Enabling FWLB
To enable FWLB, you configure global IP policies. FWLB for TCP and UDP is controlled independently, so you
need to configure a separate global IP policy for each type of traffic.
When you enable FWLB for TCP or UDP globally, all ports that are in the firewall group are enabled for FWLB. All
ServerIron ports are in firewall group 2 by default. Thus, if you enable FWLB globally, it affects all physical ports
unless you remove ports from firewall groups.
Table 4.1: Configuration tasks – Basic FWLB
Task See page...
Configure Global Parameters
Globally enable FWLB 4-1
Configure Firewall Parameters
Define the firewalls and add them to the firewall group 4-2
Configure Firewall Group Parameters
Configure the paths and add static MAC entries for the firewall interfaces with the ServerIron 4-3