Firewall Load Balancing Guide
5 - 6 © 2012 Brocade Communications Systems, Inc. May 31, 2012
A management station attached to one of the ServerIrons on the private side of the firewalls provides Telnet
management access to all four ServerIrons.
To implement the Active-Active FWLB configuration shown in Figure 5.1, perform the following tasks on each
ServerIron.
Configuring the Management IP Address and Default Gateway
You must add a management IP address to the ServerIron and the IP address must be in the same sub-net as the
ServerIron’s interfaces with the Layer 3 firewalls.
For the default gateway address, specify the IP address on the router’s interface with the ServerIron.
Table 5.1: Configuration tasks – Active-Active FWLB

| Task | See page |
|---|---|
| Configure Global Parameters | |
| Configure the management IP address and default gateway | 5-6 |
| Configure the partner port, for the synchronization link | 5-7 |
| Configure the additional data link (the always-active link) | 5-7 |
| Configure the router port | 5-7 |
| Configure Firewall Parameters | |
| Define the firewalls and add them to the firewall group. When you define each firewall, optionally specify: the TCP or UDP application ports on the firewall; the health check state (enabled by default); the maximum total number of sessions; the maximum new session rate | 5-8 |
| Configure Firewall Group Parameters | |
| Change the load balancing method from least connections to least connections per application (optional) | 5-10 |
| Enable the active-active mode | 5-11 |
| Configure the paths and add static MAC entries for the firewall interfaces with the ServerIron | 5-11 |
| Configure the ServerIron to drop traffic when the firewall has reached its maximum number of sessions or maximum new session rate (optional) | 5-12 |
| Configure the ServerIron to forward a TCP data packet only if the ServerIron has already received a TCP SYN for the packet's source and destination addresses (optional) | 5-12 |
| Enable FWLB | |
| Assign all Web Switching Management Modules to a single WSM CPU for FWLB. Note: This step is applicable only if you are running a software release earlier than 07.2.20 and the chassis is using more than one forwarding module. | 5-12 |
| Globally enable FWLB | 5-13 |