Technical data
Firewall Load Balancing Guide
© 2012 Brocade Communications Systems, Inc. May 31, 2012
CHAPTER 4
CONFIGURING BASIC FWLB
CONFIGURING BASIC LAYER 3 FWLB
CONFIGURING BASIC LAYER 3 FWLB
ENABLING FWLB
DEFINING THE FIREWALLS AND ADDING THEM TO THE FIREWALL GROUP
CONFIGURING THE PATHS AND ADDING STATIC MAC ENTRIES
CONFIGURATION EXAMPLE FOR BASIC LAYER 3 FWLB
COMMANDS ON SERVERIRON A (EXTERNAL)
COMMANDS ON SERVERIRON B (INTERNAL)
CONFIGURATION EXAMPLES WITH LAYER 3 ROUTING SUPPORT
BASIC FWLB WITH ONE SUB-NET AND ONE VIRTUAL ROUTING INTERFACE
BASIC FWLB WITH MULTIPLE SUB-NETS AND MULTIPLE VIRTUAL ROUTING INTERFACES
CHAPTER 5
CONFIGURING HA FWLB
UNDERSTANDING SERVERIRON FWLB
STATEFUL FWLB
LAYER 3/4 SESSIONS
SESSION LIMITS
SESSION AGING
HEALTH CHECKS
PATH HEALTH CHECKS
APPLICATION HEALTH CHECKS
CONFIGURING HA ACTIVE-ACTIVE FWLB
OVERVIEW OF ACTIVE-ACTIVE FWLB
CONFIGURING THE MANAGEMENT IP ADDRESS AND DEFAULT GATEWAY
CONFIGURING THE PARTNER PORT
CONFIGURING THE ADDITIONAL DATA LINK (THE ALWAYS-ACTIVE LINK)
CONFIGURING THE ROUTER PORT
CONFIGURING THE FIREWALLS
ADDING THE FIREWALLS
CHANGING THE MAXIMUM NUMBER OF SESSIONS
CONNECTION RATE CONTROL
LIMITING THE NUMBER OF NEW CONNECTIONS FOR AN APPLICATION
ADDING THE FIREWALLS TO THE FIREWALL GROUP
CHANGING THE LOAD-BALANCING METHOD
HASHING LOAD BALANCE METRIC IN FWLB
ENABLING THE ACTIVE-ACTIVE MODE
CONFIGURING THE PATHS AND STATIC MAC ADDRESS ENTRIES
DROPPING PACKETS WHEN A FIREWALL REACHES ITS LIMIT
RESTRICTING TCP TRAFFIC TO A FIREWALL TO ESTABLISHED SESSIONS
ASSIGNING FWLB PROCESSING TO A WSM CPU
ENABLING FWLB
COMPLETE CLI EXAMPLE