Technical data
Firewall Load Balancing Guide
6 - 16 © 2012 Brocade Communications Systems, Inc. May 31, 2012
Zone2-SI-S(config-vlan-1)# always-active
Zone2-SI-S(config-vlan-1)# exit
Zone2-SI-S(config)# server fw-name FW1 209.157.25.1
Zone2-SI-S(config-rs-FW1)# exit
Zone2-SI-S(config)# server fw-name FW2 209.157.25.254
Zone2-SI-S(config-rs-FW2)# exit
Zone2-SI-S(config)# access-list 3 permit 209.157.23.0 0.0.0.255
Zone2-SI-S(config)# server fw-group 2
Zone2-SI-S(config-tc-2)# fwall-zone Zone3 3 3
Zone2-SI-S(config-tc-2)# fw-name FW1
Zone2-SI-S(config-tc-2)# fw-name FW2
Zone2-SI-S(config-tc-2)# l2-fwall
Zone2-SI-S(config-tc-2)# sym-priority 1
Zone2-SI-S(config-tc-2)# fwall-info 1 16 209.157.23.11 209.157.25.1
Zone2-SI-S(config-tc-2)# fwall-info 2 16 209.157.23.12 209.157.25.1
Zone2-SI-S(config-tc-2)# fwall-info 3 16 209.157.24.13 209.157.25.1
Zone2-SI-S(config-tc-2)# fwall-info 4 16 209.157.24.14 209.157.25.1
Zone2-SI-S(config-tc-2)# fwall-info 5 1 209.157.23.11 209.157.25.254
Zone2-SI-S(config-tc-2)# fwall-info 6 1 209.157.23.12 209.157.25.254
Zone2-SI-S(config-tc-2)# fwall-info 7 1 209.157.24.13 209.157.25.254
Zone2-SI-S(config-tc-2)# fwall-info 8 1 209.157.24.14 209.157.25.254
Zone2-SI-S(config-tc-2)# fwall-info 9 5 209.157.25.200 209.157.25.201
Zone2-SI-S(config-tc-2)# exit
Zone2-SI-S(config)# vlan 1
Zone2-SI-S(config-vlan-1)# static-mac-address abcd.5200.348b ethernet 1 high-priority router-type
Zone2-SI-S(config-vlan-1)# static-mac-address abcd.5200.0b4e ethernet 16 high-priority router-type
Zone2-SI-S(config-vlan-1)# exit
Zone2-SI-S(config)# write memory
Zone2-SI-S(config)# exit
Zone2-SI-S# reload
Commands on Zone3-SI-A in Zone 3
The following commands configure ServerIron “Zone3-SI-A”, on the left side of zone 3 in Figure 6.2 on page 6-8.
ServerIron(config)# hostname Zone3-SI-A
Zone3-SI-A(config)# ip address 209.157.23.11 255.255.255.0
Zone3-SI-A(config)# ip default-gateway 209.157.23.1
Zone3-SI-A(config)# no span
Zone3-SI-A(config)# ip policy 1 fw tcp 0 global
Zone3-SI-A(config)# ip policy 2 fw udp 0 global
Zone3-SI-A(config)# server router-ports 5
Zone3-SI-A(config)# server fw-port 9
Zone3-SI-A(config)# trunk switch ethernet 9 to 10
Zone3-SI-A(config)# vlan 10 by port
Zone3-SI-A(config-vlan-10)# untagged 9 to 10
Zone3-SI-A(config-vlan-10)# exit
Zone3-SI-A(config)# vlan 1
Zone3-SI-A(config-vlan-1)# always-active
Zone3-SI-A(config-vlan-1)# exit
Zone3-SI-A(config)# server fw-name FW1 209.157.23.1
Zone3-SI-A(config-rs-FW1)# exit
Zone3-SI-A(config)# server fw-name FW2 209.157.23.254
Zone3-SI-A(config-rs-FW2)# exit
Zone3-SI-A(config)# access-list 2 permit 209.157.25.0 0.0.0.255
Zone3-SI-A(config)# server fw-group 2
Zone3-SI-A(config-tc-2)# fwall-zone Zone2 2 2