Technical data

92 ServerIron ADX Firewall Load Balancing Guide
53-1002436-01
Configuration examples with Layer 3 routing
This section shows examples of commonly used ServerIron ADX multizone FWLB deployments with
Layer 3 configurations. The ServerIron ADXs in these examples perform Layer 3 routing in addition
to Layer 2 and Layer 4–7 switching.
Generally, the steps for configuring Layer 4–7 features on a ServerIron ADX running Layer 3 are
similar to the steps on a ServerIron ADX that is not running Layer 3. The examples focus on the
Layer 3 aspects of the configurations.
This section contains the following configuration examples:
• “Multizone FWLB with one sub-net and one virtual routing interface” on page 92
• “Multizone FWLB with multiple sub-nets and multiple virtual routing interfaces” on page 102
NOTE
The multizone FWLB configurations shown in these examples are the ones that are supported. If you
need to use the ServerIron ADX’s Layer 3 routing support in a FWLB configuration that is not shown,
contact Brocade.
Multizone FWLB with one sub-net and one virtual routing interface
Multizone FWLB allows you to configure ServerIron ADXs to forward packets based on the
destination zone. For example, if your network consists of an Internet side, an internal side, and a
Demilitarized Zone (DMZ) in between, you can configure ServerIron ADXs to forward packets
through the firewalls to the correct zone.
When you configure multizone FWLB, you first identify a zone by configuring standard ACLs. An ACL
specifies the IP addresses (or address ranges) within the zone. When you configure the firewall
group parameters, you add the zones and define them by associating the ACLs with them. Each
zone consists of a zone number, an optional name, and a standard IP ACL that specifies the IP
addresses contained in the zone.
Figure 16 shows an example of a multizone configuration for three zones:
• Zone 1 – The default zone. All sub-nets that you do not configure to be members of the other
  zones are by default members of zone 1. Generally, the default zone is on the public
  (non-secure) side of the firewalls.
• Zone 2 – A secured zone containing two application servers.
• Zone 3 – Another secured zone containing an additional application server.
The ServerIron ADXs in zone 1 perform FWLB for traffic between zone 1 and zones 2 and 3.
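The zone model described above (a zone number, an optional name, a standard ACL, and zone 1 as the default) can be checked offline before it is configured. The following Python sketch is an added example, not ServerIron ADX code or Brocade's algorithm: the addresses are constructed, the function names are hypothetical, and checking zones in ascending zone-number order is an assumption.

```python
import ipaddress
from itertools import combinations

# Constructed zone table (hypothetical addresses): zone number -> (optional name,
# standard-ACL permit entries written as (address, wildcard mask) pairs).
ZONES = {
    2: ("Zone2", [("10.10.2.0", "0.0.0.255")]),
    3: ("Zone3", [("10.10.3.40", "0.0.0.0")]),
}
DEFAULT_ZONE = 1  # sub-nets not assigned to another zone belong to zone 1


def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def acl_permits(entries, ip):
    """True if any entry matches ip; wildcard bits set to 1 are ignored."""
    for addr, wildcard in entries:
        care = ~_to_int(wildcard) & 0xFFFFFFFF
        if (_to_int(ip) & care) == (_to_int(addr) & care):
            return True
    return False


def zone_for(ip, zones=ZONES):
    """Zone number whose ACL contains ip (assumed order: ascending), else zone 1."""
    for number in sorted(zones):
        if acl_permits(zones[number][1], ip):
            return number
    return DEFAULT_ZONE


def overlapping_zones(zones=ZONES):
    """Pairs of zones whose ACLs can match the same address (ambiguous membership)."""
    clashes = set()
    for a, b in combinations(sorted(zones), 2):
        for addr_a, wc_a in zones[a][1]:
            for addr_b, wc_b in zones[b][1]:
                # A shared address exists if the bits both entries care about agree.
                both = ~(_to_int(wc_a) | _to_int(wc_b)) & 0xFFFFFFFF
                if (_to_int(addr_a) & both) == (_to_int(addr_b) & both):
                    clashes.add((a, b))
    return sorted(clashes)
```

A non-empty result from `overlapping_zones()` means an address falls in more than one zone, so the ACLs should be tightened before the zones are added to the firewall group.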