Technical data

ManualsBrandsBrocade Communications Systems ManualsHome Theater ServerServerIron ADX 12.4.00

121

122

123

124

125

126

127

128

129

130

ServerIron ADX Firewall Load Balancing Guide 115

53-1002436-01

Configuring basic Layer 3 FWLB for NAT firewalls

DRAFT: BROCADE CONFIDENTIAL

Defining the firewalls and adding them to the firewall group

When FWLB is enabled, all the ServerIron ADX ports are in firewall group 2 by default. However, you

must add an entry for each firewall, and then add the firewalls to the firewall group. To add an entry

for a firewall, specify the firewall name and IP address. You can specify a name up to 32 characters

long.

NOTE

When static NAT is used on firewalls in FWLB configurations, the ServerIron ADX virtual routing

interface IP addresses that are in firewalls subnets should be excluded from NAT translation to

prevent the firewall paths from failing health checks.

To define the firewalls (shown in Figure 18) using the CLI, enter the following commands.

Commands for ServerIron ADX A (external)

ServerIronADX-A(config)# server fw-name fw1 209.157.23.108

ServerIronADX-A(config-rs-fw1)# exit

ServerIronADX-A(config)# server fw-name fw2 209.157.23.109

ServerIronADX-A(config-rs-fw2)# exit

ServerIronADX-A(config)# server fw-group 2

ServerIronADX-A(config-fw-2)# fw-name fw1

ServerIronADX-A(config-fw-2)# fw-name fw2

Commands for ServerIron ADX B (internal)

ServerIronADX-B(config)# server fw-name fw1 10.10.10.10

ServerIronADX-B(config-rs-fw1)# exit

ServerIronADX-B(config)# server fw-name fw2 10.10.10.11

ServerIronADX-B(config-rs-fw2)# exit

ServerIronADX-B(config)# server fw-group 2

ServerIronADX-B(config-fw-2)# fw-name fw1

ServerIronADX-B(config-fw-2)# fw-name fw2

Syntax: [no] server fw-name <string> <ip-addr>|<ipv6-addr>

NOTE

When you add a firewall name, the CLI level changes to the firewall level. This level is used when you

configure stateful FWLB.

Configure firewall group parameters

Configure the paths and add static MAC entries for the firewall interfaces with the ServerIron

ADX

page 116

Configure NAT address parameters

Disable load balancing for the NAT addresses page 118

TABLE 6 Basic FWLB for NAT firewalls configuration tasks (Continued)

Task Reference