Technical data

Firewall Load Balancing Guide
6 - 6 © 2012 Brocade Communications Systems, Inc. May 31, 2012
Zone1-SI(config)# static-mac-address abcd.5200.0b50 ethernet 16 high-priority router-type
Each command includes the MAC address of the firewall’s interface with the ServerIron and the ServerIron port
that is connected to the firewall. The high-priority and router-type parameters identify the MAC entry type and
are required.
NOTE: The syntax for the static-mac-address command is slightly different on ServerIron Chassis devices.
Instead of a port number, you specify a slot and port number. For the priority, specify priority 7 instead of
high-priority.
The following command saves the configuration information to the ServerIron’s startup-config file on flash memory.
You must save the configuration information before reloading the software or powering down the device.
Otherwise, the information is lost.
Zone1-SI(config)# write memory
Commands on Zone2-SI in Zone 2
The following commands configure ServerIron “Zone2-SI” in zone 2 in Figure 6.1 on page 6-3. The configuration is
similar to the one for Zone1-SI, with the following exceptions:
• The management IP address is different.
• The default gateway goes to a different interface on FW1.
• The paths are different due to the ServerIron’s placement in the network. (However, like Zone1-SI, ServerIron
  Zone2-SI has a path through each firewall to the ServerIrons in the other zones, and has a path to its directly
  attached router.)
• An ACL and zone definition are configured for zone 3. Since this ServerIron is in zone 2, the configuration
  does not include an ACL and zone definition for zone 2. This ServerIron also does not contain an ACL or zone
  definition for zone 1. As a result, by default this ServerIron forwards packets that are not addressed to the
  ServerIron’s own sub-net or to a sub-net in zone 3, to zone 1.
ServerIron(config)# hostname Zone2-SI
Zone2-SI(config)# ip address 209.157.24.15 255.255.255.0
Zone2-SI(config)# ip default-gateway 209.157.25.1
Zone2-SI(config)# ip policy 1 fw tcp 0 global
Zone2-SI(config)# ip policy 2 fw udp 0 global
Zone2-SI(config)# no span
Zone2-SI(config)# server router-ports 5
Zone2-SI(config)# server fw-name FW1 209.157.25.1
Zone2-SI(config-rs-FW1)# exit
Zone2-SI(config)# server fw-name FW2 209.157.25.254
Zone2-SI(config-rs-FW2)# exit
Zone2-SI(config)# access-list 3 permit 209.157.23.0 0.0.0.255
Zone2-SI(config)# server fw-group 2
Zone2-SI(config-tc-2)# fwall-zone Zone3 3 3
Zone2-SI(config-tc-2)# fw-name FW1
Zone2-SI(config-tc-2)# fw-name FW2
Zone2-SI(config-tc-2)# fwall-info 1 1 209.157.25.15 209.157.24.1
Zone2-SI(config-tc-2)# fwall-info 2 16 209.157.23.11 209.157.24.1
Zone2-SI(config-tc-2)# fwall-info 3 16 209.157.25.15 209.157.24.254
Zone2-SI(config-tc-2)# fwall-info 4 1 209.157.23.11 209.157.24.254
Zone2-SI(config-tc-2)# fwall-info 5 5 209.157.25.200 209.157.25.200
Zone2-SI(config-tc-2)# exit
Zone2-SI(config)# static-mac-address abcd.5200.348b ethernet 1 high-priority router-type
Zone2-SI(config)# static-mac-address abcd.5200.0b4e ethernet 16 high-priority router-type
Zone2-SI(config)# write memory
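The following Python script is an added example, not part of the Brocade guide. It audits a saved command listing for the requirements stated above: each static MAC entry carries both high-priority and router-type, each port used by a firewall path has such an entry, and the listing ends with write memory. It covers the port-number syntax only, not the Chassis slot/port form, and the fwall-info field order and the router-path rule are assumptions read from the listing.

```python
import re

# Zone2-SI commands from the listing above, with wrapped lines rejoined.
ZONE2_SI = """\
server fw-group 2
fwall-info 1 1 209.157.25.15 209.157.24.1
fwall-info 2 16 209.157.23.11 209.157.24.1
fwall-info 3 16 209.157.25.15 209.157.24.254
fwall-info 4 1 209.157.23.11 209.157.24.254
fwall-info 5 5 209.157.25.200 209.157.25.200
static-mac-address abcd.5200.348b ethernet 1 high-priority router-type
static-mac-address abcd.5200.0b4e ethernet 16 high-priority router-type
write memory
"""

# Strips a leading CLI prompt such as "Zone2-SI(config-tc-2)# " if present.
PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")

def audit(config_text):
    """Return a list of findings; an empty list means every check passed."""
    lines = [PROMPT.sub("", l).strip() for l in config_text.splitlines() if l.strip()]
    findings, mac_ports, fw_ports = [], set(), set()
    for line in lines:
        tok = line.split()
        if tok[0] == "static-mac-address" and len(tok) >= 4:
            # static-mac-address <mac> ethernet <port> <flags...>
            port, flags = tok[3], set(tok[4:])
            missing = {"high-priority", "router-type"} - flags
            if missing:
                findings.append(f"port {port}: static MAC lacks {', '.join(sorted(missing))}")
            else:
                mac_ports.add(port)
        elif tok[0] == "fwall-info" and len(tok) == 5:
            # Assumed field order: path number, port, destination, next hop.
            _, _path, port, dest, next_hop = tok
            if dest != next_hop:  # assumption: dest == next hop marks the router path
                fw_ports.add(port)
    for port in sorted(fw_ports - mac_ports):
        findings.append(f"port {port}: firewall path has no valid static MAC entry")
    if not lines or lines[-1] != "write memory":
        findings.append("configuration is not saved with 'write memory'")
    return findings

if __name__ == "__main__":
    for finding in audit(ZONE2_SI) or ["no findings"]:
        print(finding)
```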