Technical data
Configuring Basic FWLB
May 31, 2012 © 2012 Brocade Communications Systems, Inc. 4 - 9
Commands on the Internal ServerIron
ServerIron> enable
ServerIron# configure terminal
ServerIron(config)# hostname SI-Internal
SI-Internal(config)# vlan 1
SI-Internal(config-vlan-1)# router-interface ve 1
SI-Internal(config-vlan-1)# exit
SI-Internal(config)# interface ve 1
SI-Internal(config-ve-1)# ip address 10.10.2.222 255.255.255.0
SI-Internal(config-ve-1)# exit
SI-Internal(config)# ip route 0.0.0.0 0.0.0.0 10.10.2.5
SI-Internal(config)# server fw-name fw1 10.10.2.5
SI-Internal(config-rs-fw1)# port http
SI-Internal(config-rs-fw1)# exit
SI-Internal(config)# server fw-name fw2 10.10.2.6
SI-Internal(config-rs-fw2)# port http
SI-Internal(config-rs-fw2)# exit
SI-Internal(config)# server fw-group 2
SI-Internal(config-tc-2)# fw-name fw1
SI-Internal(config-tc-2)# fw-name fw2
SI-Internal(config-tc-2)# fwall-info 1 4/1 10.10.1.111 10.10.2.5
SI-Internal(config-tc-2)# fwall-info 2 4/2 10.10.1.111 10.10.2.6
SI-Internal(config-tc-2)# fw-predictor per-service-least-conn
SI-Internal(config-tc-2)# exit
SI-Internal(config)# vlan 1
SI-Internal(config-vlan-1)# static-mac-address 0080.c8b9.abaa ethernet 4/1 priority 1 router-type
SI-Internal(config-vlan-1)# static-mac-address 0080.c8b9.910a ethernet 4/2 priority 1 router-type
SI-Internal(config-vlan-1)# exit
SI-Internal(config)# ip l4-policy 1 fw tcp 0 global
SI-Internal(config)# ip l4-policy 2 fw udp 0 global
SI-Internal(config)# write memory
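The listing above can be checked for internal consistency before `write memory`. This is an added example, not Brocade code. It assumes the `fwall-info` fields are path number, port, address of the other ServerIron, and next-hop firewall address, as the values in the listing suggest. `audit_fwlb` is a hypothetical helper name.

```python
import re

# Constructed sample: the FWLB-relevant commands from the listing above,
# prompts stripped and wrapped lines joined.
SAMPLE = """\
server fw-name fw1 10.10.2.5
server fw-name fw2 10.10.2.6
server fw-group 2
fw-name fw1
fw-name fw2
fwall-info 1 4/1 10.10.1.111 10.10.2.5
fwall-info 2 4/2 10.10.1.111 10.10.2.6
static-mac-address 0080.c8b9.abaa ethernet 4/1 priority 1 router-type
static-mac-address 0080.c8b9.910a ethernet 4/2 priority 1 router-type
"""

def audit_fwlb(config_text):
    """Return a list of findings; an empty list means every check passed."""
    firewalls, group, paths, mac_ports = {}, set(), [], set()
    for raw in config_text.splitlines():
        # Drop a leading CLI prompt such as "SI-Internal(config-tc-2)# ".
        tok = re.sub(r"^\S+[#>]\s*", "", raw.strip()).split()
        if tok[:2] == ["server", "fw-name"] and len(tok) >= 4:
            firewalls[tok[2]] = tok[3]               # name -> firewall IP
        elif tok[:1] == ["fw-name"] and len(tok) >= 2:
            group.add(tok[1])                        # member of the fw-group
        elif tok[:1] == ["fwall-info"] and len(tok) >= 5:
            paths.append((tok[1], tok[2], tok[4]))   # (path, port, next hop)
        elif (tok[:1] == ["static-mac-address"] and "router-type" in tok
              and "ethernet" in tok[:-1]):
            mac_ports.add(tok[tok.index("ethernet") + 1])
    findings = []
    for name in sorted(set(firewalls) - group):
        findings.append(f"{name}: defined but not added to the fw-group")
    for name in sorted(group - set(firewalls)):
        findings.append(f"{name}: in the fw-group but has no server fw-name")
    hops = {hop for _, _, hop in paths}
    for name, ip in sorted(firewalls.items()):
        if ip not in hops:
            findings.append(f"{name}: no fwall-info path uses {ip}")
    for num, port, hop in paths:
        if hop not in firewalls.values():
            findings.append(f"path {num}: next hop {hop} is not a defined firewall")
        if port not in mac_ports:
            findings.append(f"path {num}: no router-type static MAC on port {port}")
    return findings

if __name__ == "__main__":
    print(audit_fwlb(SAMPLE) or "FWLB configuration is consistent")
```

The static MAC check applies to this basic configuration, where the firewalls are entered as static MAC entries on the firewall-facing ports.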
Basic FWLB with Multiple Sub-Nets and Multiple Virtual Routing Interfaces
Figure 4.2 shows an example of a basic FWLB configuration in which multiple IP sub-net interfaces are configured
on each ServerIron. On each ServerIron, the client or server is in one sub-net and the firewalls are in another
sub-net. The ports connected to the firewalls are configured in a separate port-based VLAN. The ServerIron’s IP
interface to the firewalls is configured on a virtual routing interface associated with the ports in the VLAN.
The client and server in this example are each configured to use their locally attached ServerIron as the default
gateway, instead of using a firewall interface. Therefore, you do not need to configure static MAC entries for the
firewalls on the ServerIron.