Technical data
Firewall Load Balancing Guide
6 - 18 © 2012 Brocade Communications Systems, Inc. May 31, 2012
Zone3-SI-S(config-tc-2)# fwall-info 6 16 209.157.25.16 209.157.23.1
Zone3-SI-S(config-tc-2)# fwall-info 7 1 209.157.25.15 209.157.23.1
Zone3-SI-S(config-tc-2)# fwall-info 8 1 209.157.25.16 209.157.23.254
Zone3-SI-S(config-tc-2)# fwall-info 9 5 209.157.23.15 209.157.23.15
Zone3-SI-S(config-tc-2)# exit
Zone3-SI-S(config)# vlan 1
Zone3-SI-S(config-vlan-1)# static-mac-address abcd.5200.3489 ethernet 1
high-priority router-type
Zone3-SI-S(config-vlan-1)# static-mac-address abcd.5200.0b4c ethernet 16
high-priority router-type
Zone3-SI-S(config-vlan-1)# exit
Zone3-SI-S(config)# write memory
Zone3-SI-S(config)# exit
Zone3-SI-S# reload
IronClad FWLB configurations require each ServerIron in an active-standby pair to have a link to each of the
firewalls for which the ServerIrons are providing load balancing.
If the firewalls are multi-homed (allow more than one connection on each side of the protected network), then it is
possible to connect each ServerIron to all the firewalls directly. Figure 6.3 on page 6-18 shows an example of this
type of configuration.
Figure 6.3 IronClad FWLB configuration with multi-homed firewalls
In this example, each firewall has four interfaces. Each interface goes to a ServerIron.
NOTE: If the firewalls are not multi-homed, you need to use additional devices, typically Layer 2 switches, to
provide the redundant links. shows an example of an IronClad FWLB configuration that uses Layer 2 switches to
provide multi-homing between the ServerIron and firewalls.
Internal Router
Internet
External Router
Standby
ServerIron A
Standby
ServerIron B
Active
ServerIron B
Active
ServerIron A
1.1.1.20
2.2.2.20
3.3.3.20
3.3.3.10
1.1.1.10
2.2.2.10
4.4.4.10
4.4.4.20
1.1.1.4
4.4.4.4
3.3.3.4
2.2.2.4
1.1.1.3
4.4.4.3
3.3.3.3
2.2.2.3
Port e8
Port e8
FW1
FW2
SI-A
SI-A
SI-B
SI-B
SI-A
Port e8
Port e8
Port e1
Port e1
Port e1
Port e2
Port e2
Port e2
Port e2
Port e1