Firewall Load Balancing Guide
6 - 8 © 2012 Brocade Communications Systems, Inc. May 31, 2012
This example also uses a simplified topology. Instead of using Layer 2 switches and redundant links to provide
failover data paths from the devices on the left side to the devices on the right side, this configuration uses
additional links between the ServerIrons. The L2-fwall and always-active options enable you to use this type of
simplified topology. The L2-fwall option prevents data loops by blocking traffic on the standby ServerIron, while
the always-active option allows the standby ServerIrons to pass traffic to their active partners for forwarding.
Figure 6.2 High-availability configuration with separate firewall zones
To configure ServerIrons for IronClad multi-zone FWLB, perform the following tasks:
- Configure global system parameters. These parameters include the ServerIron IP address and default gateway. You also need to globally disable the Spanning Tree Protocol (STP). Disabling STP is required for this configuration.
- Configure global FWLB parameters:
  - Globally enable FWLB.
  - Identify the synchronization port, which is the port connected to this ServerIron’s high-availability partner, and place the port in a separate Layer port-based VLAN, as an untagged port. (This task applies only to high-availability configurations.)
  - Identify the port connected to the router.
  - Enable the always-active feature for the VLAN that contains all the ports except the synchronization link.
[Figure 6.2: topology diagram. Labels recoverable from the figure: Internet, WAN Routers, DMZ Routers, Internal Routers, firewalls FW1 and FW2, ServerIrons SI-A and SI-S, Zone 1, Zone 2, Zone 3. Device addresses shown are in the 209.157.23.0/24, 209.157.24.0/24 and 209.157.25.0/24 networks; port labels shown are Port 1, Port 5, Ports 9 and 10, and Port 16.]
Note: When undefined, Zone 1 contains all addresses not in the other zones.
Zone labels in the figure: Zone 2 = 209.157.25.0/24 - 209.157.25.255/24; Zone 2 = 209.157.23.0/24 - 209.157.23.255/24