Technical data
102 ServerIron ADX Firewall Load Balancing Guide
53-1002436-01
Configuration examples with Layer 3 routing
4
DRAFT: BROCADE CONFIDENTIAL
Zone3-SI-A(config)# server real-name sr1 10.10.3.41
Zone3-SI-A(config-rs-sr1)# port http
Zone3-SI-A(config-rs-sr1)# exit
Zone3-SI-A(config)# server real-name sr2 10.10.3.43
Zone3-SI-A(config-rs-sr2)# port http
Zone3-SI-A(config-rs-sr2)# exit
Zone3-SI-A(config)# server virtual www.sr.com 10.10.3.10
Zone3-SI-A(config-vs-www.rs.com)# port http
Zone3-SI-A(config-vs-www.web.com)# bind http sr2 http sr1 http
Zone3-SI-A(config-vs-www.web.com)# exit
Zone3-SI-A(config)# server fw-slb
Zone3-SI-A(config)# write memory
Multizone FWLB with multiple sub-nets and
multiple virtual routing interfaces
Figure 17 shows an example of a multizone FWLB configuration in which each ServerIron ADX is
configured with multiple sub-nets and multiple virtual routing interfaces. The configuration is
similar to the one in
Figure 16 on page 93, but differs in the following ways:
• The ServerIron ADXs configured in active-active pairs have four port-based VLANs. VLAN 10 is
for the synchronization link between the ServerIron ADXs. The default VLAN (VLAN 1) is not
configured with a routing interface. VLANs 2 and 20 are configured with virtual routing
interfaces.
• The ServerIron ADXs in zone 1 are configured with a static IP route to the sub-net that the
external client is on.
• Static MAC entries are not required and thus are not included for the firewall interfaces.
• More than one standard IP ACL is configured on each ServerIron ADX, because more than one
sub-net is a member of each zone.