Technical data
Configuring HA FWLB
May 31, 2012 © 2012 Brocade Communications Systems, Inc. 5 - 9
• snmp – port 161
• ssl – port 443
• telnet – port 23
• tftp – port 69
The no-health-check parameter disables the Layer 4 path health check for this application port. Layer 4 health
checks are enabled by default.
Changing the Maximum Number of Sessions
To change the maximum number of sessions the firewall can have on the high-availability pair of ServerIrons,
enter a command such as the following:
ServerIron(config-rs-FW1)# max-conn 145000
Syntax: [no] max-conn <num>
The <num> parameter specifies the maximum and can be from 1 – 1000000. This maximum applies to both the
ServerIron and its high-availability partner.
NOTE: Most FWLB parameters, including this one, must be set to the same value on both ServerIrons in the
high-availability pair.
NOTE: If you use the max-conn command for a firewall, the command specifies the maximum permissible
number of connections that can be initiated from this ServerIron's direction on the firewall paths. The max-conn
command does not limit the total number of connections that can exist on the ServerIron, which includes
connections that come from the ServerIrons at the other ends of the firewall paths. For FWLB, the command to
restrict the total number of connections that can exist on the ServerIron is fw-exceed-max-drop. See “Dropping
Packets When a Firewall Reaches Its Limit” on page 5-12.
Connection Rate Control
Connection Rate Control (CRC) limits the number of new TCP or UDP sessions per second that the firewall can
open with the ServerIrons. To change the maximum rate of new TCP sessions, enter a command such as the following:
ServerIron(config-rs-FW1)# max-tcp-conn-rate 1000
Syntax: [no] max-tcp-conn-rate <num>
Syntax: [no] max-udp-conn-rate <num>
The <num> parameter specifies the maximum number of connections per second and can be a number from 1 –
65535. The default is 65535.
Limiting the Number of New Connections for an Application
The following commands limit the rate of new connections per second to TCP port 80 on firewall FW1.
ServerIron(config)# server fw-name FW1 1.2.3.4
ServerIron(config-rs-FW1)# port http
ServerIron(config-rs-FW1)# port http max-tcp-conn-rate 800
Syntax: port <TCP/UDP-portnum> max-tcp-conn-rate <num>
Syntax: port <TCP/UDP-portnum> max-udp-conn-rate <num>
The port <TCP/UDP-portnum> parameter specifies the application port.
The <num> parameter specifies the maximum number of connections per second.
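The notes above say that max-conn and the connection-rate limits must be set to the same value on both ServerIrons in the high-availability pair, and give the valid ranges for each. The following script is an added example (not Brocade software or text from this manual) that parses the server fw-name blocks out of two configuration dumps, reports any parameter that differs between the HA peers, and flags values outside the ranges stated on this page. It assumes that statements under a server fw-name line are indented by one space, as in a running-config dump; the two sample configurations are constructed for the example.

```python
"""Config-drift check for FWLB firewall settings on an HA pair of ServerIrons.

Illustrative script, not Brocade code. Assumes 'server fw-name NAME IP' opens a
block whose statements are indented by one space (running-config style).
"""
import re

# Value ranges given on this page of the manual.
RANGES = {
    "max-conn": (1, 1_000_000),
    "max-tcp-conn-rate": (1, 65535),
    "max-udp-conn-rate": (1, 65535),
}
FW_RE = re.compile(r"^server fw-name (\S+) (\S+)$")
RATE_RE = re.compile(r"^(max-(?:tcp|udp)-conn-rate|max-conn) (\d+)$")
PORT_RATE_RE = re.compile(r"^port (\S+) (max-(?:tcp|udp)-conn-rate) (\d+)$")
PORT_RE = re.compile(r"^port (\S+)( no-health-check)?$")


def parse_firewalls(config_text):
    """Return {fw_name: {"ip": str, "settings": {key: int}, "ports": {port: bool}}}.

    'ports' maps an application port to True if its Layer 4 health check is
    enabled (the default) or False if 'no-health-check' was configured.
    """
    firewalls, current = {}, None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = FW_RE.match(line)
        if m:
            current = {"ip": m.group(2), "settings": {}, "ports": {}}
            firewalls[m.group(1)] = current
            continue
        if not line.startswith(" ") or current is None:
            current = None          # a top-level line ends the fw-name block
            continue
        stmt = line.strip()
        if m := RATE_RE.match(stmt):
            current["settings"][m.group(1)] = int(m.group(2))
        elif m := PORT_RATE_RE.match(stmt):
            port, key, val = m.groups()
            current["ports"].setdefault(port, True)
            current["settings"][f"port {port} {key}"] = int(val)
        elif m := PORT_RE.match(stmt):
            current["ports"][m.group(1)] = m.group(2) is None
    return firewalls


def check_ranges(firewalls):
    """Return messages for values outside the ranges the manual gives."""
    problems = []
    for name, fw in firewalls.items():
        for key, val in fw["settings"].items():
            lo, hi = RANGES[key.split()[-1]]     # strip any 'port <p>' prefix
            if not lo <= val <= hi:
                problems.append(f"{name}: {key} {val} outside {lo}-{hi}")
    return problems


def compare_ha_pair(cfg_a, cfg_b):
    """Return FWLB settings that differ between the two ServerIrons' configs."""
    fws_a, fws_b = parse_firewalls(cfg_a), parse_firewalls(cfg_b)
    diffs = []
    for name in sorted(set(fws_a) | set(fws_b)):
        if name not in fws_a or name not in fws_b:
            diffs.append(f"{name}: defined on only one ServerIron")
            continue
        a, b = fws_a[name], fws_b[name]
        if a["ip"] != b["ip"]:
            diffs.append(f"{name}: ip {a['ip']} != {b['ip']}")
        for key in sorted(set(a["settings"]) | set(b["settings"])):
            va, vb = a["settings"].get(key), b["settings"].get(key)
            if va != vb:
                diffs.append(f"{name}: {key} {va} != {vb}")
        for port in sorted(set(a["ports"]) | set(b["ports"])):
            pa, pb = a["ports"].get(port), b["ports"].get(port)
            if pa != pb:
                diffs.append(f"{name}: port {port} health-check {pa} != {pb}")
    return diffs


# Constructed sample dumps for the two ServerIrons in the HA pair; the second
# one drifted on the per-port rate limit and on the ssl health check.
SERVERIRON_A = """\
server fw-name FW1 1.2.3.4
 max-conn 145000
 max-tcp-conn-rate 1000
 port http
 port http max-tcp-conn-rate 800
 port ssl
"""
SERVERIRON_B = """\
server fw-name FW1 1.2.3.4
 max-conn 145000
 max-tcp-conn-rate 1000
 port http
 port http max-tcp-conn-rate 600
 port ssl no-health-check
"""

if __name__ == "__main__":
    for msg in compare_ha_pair(SERVERIRON_A, SERVERIRON_B):
        print("mismatch:", msg)
    for msg in check_ranges(parse_firewalls(SERVERIRON_A)):
        print("range:", msg)
```

Feed it the running-config from each ServerIron in the pair; any line it prints is a parameter that the manual says must match and currently does not, or a value the CLI would reject. Because max-conn only bounds connections initiated from one ServerIron's direction, a mismatch here does not merely cause uneven load: the two peers would enforce different limits on the same firewall paths.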