Technical data
ServerIron ADX Firewall Load Balancing Guide
53-1002436-01
Configuring basic Layer 3 FWLB for NAT firewalls
DRAFT: BROCADE CONFIDENTIAL
Syntax: server fw-group 2 | 4
This command changes the CLI to the firewall group configuration level. Firewall group 2 is used
for the IPv4 address format and firewall group 4 is used for the IPv6 address format. These are
the only supported firewall groups.
Syntax: [no] fw-name <string>
This command adds a configured firewall to the firewall group.
Configuring the paths and adding static MAC entries
A path is configuration information the ServerIron ADX uses to ensure that a given source and
destination IP pair is always authenticated by the same Layer 3 firewall.
Each path consists of the following parameters:
• The path ID – A number that identifies the path. The paths go from one ServerIron ADX to the
other through the firewalls.
• The ServerIron ADX port – The number of the port that connects the ServerIron ADX to the
firewall.
• The other ServerIron ADX’s or Layer 2 switch’s IP address – The management address of the
ServerIron ADX or Layer 2 switch on the other side of the firewall. The ServerIron ADX on the
private network side and the other ServerIron ADX or Layer 2 switch are the endpoints of the
data path through the firewall.
• The next-hop IP address – The IP address of the firewall interface connected to this ServerIron
ADX.
For each type of firewall (Layer 3 synchronous and asynchronous, with or without NAT), you must
configure paths between the ServerIron ADXs through the firewalls.
In addition to configuring the paths, you must create a static MAC entry for each firewall interface
attached to the ServerIron ADX.
NOTE
FWLB paths must be fully meshed. When you configure a FWLB path on a ServerIron ADX, make sure
you also configure a reciprocal path on the ServerIron ADX attached to the other end of the firewalls.
For example, if you configure four paths to four separate firewalls, make sure you configure four
paths on the other ServerIron ADX.
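The reciprocal-path requirement in this NOTE can be checked offline against the fwall-info lines of both devices before they are applied. The following Python check is an added example, not part of the Brocade guide: it assumes one ServerIron ADX on each side of the firewalls and that a reciprocal path uses the same path ID on both devices, and the ADX B commands and the ADX A management address (192.0.2.1) are constructed placeholders.

```python
import re
from ipaddress import ip_address

# fwall-info <path-id> <port> <other-device-ip> <next-hop-ip>
FWALL_RE = re.compile(r"fwall-info\s+(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")

# ServerIron ADX A commands as shown on this page.
CONFIG_A = """\
ServerIronADX-A(config)# server fw-group 2
ServerIronADX-A(config-fw-2)# fwall-info 1 1 10.10.10.30 209.157.23.108
ServerIronADX-A(config-fw-2)# fwall-info 2 2 10.10.10.30 209.157.23.109
"""
# Constructed ADX B commands (placeholder addresses); path 2 is deliberately missing.
CONFIG_B = """\
ServerIronADX-B(config)# server fw-group 2
ServerIronADX-B(config-fw-2)# fwall-info 1 1 192.0.2.1 10.10.10.8
"""

def parse_paths(config_text):
    """Return {path_id: (port, other_device_ip, next_hop_ip)} from pasted CLI lines."""
    paths = {}
    for line in config_text.splitlines():
        m = FWALL_RE.search(line)
        if not m:
            continue
        path_id = int(m.group(1))
        if path_id in paths:
            raise ValueError(f"duplicate path ID {path_id}")
        paths[path_id] = (m.group(2), ip_address(m.group(3)), ip_address(m.group(4)))
    return paths

def check_reciprocal(cfg_a, mgmt_a, cfg_b, mgmt_b):
    """Return findings for two ADXs facing each other; [] means the paths are reciprocal."""
    paths_a, paths_b = parse_paths(cfg_a), parse_paths(cfg_b)
    findings = []
    # Each path must name the management address of the device on the far side.
    for name, paths, peer in (("A", paths_a, mgmt_b), ("B", paths_b, mgmt_a)):
        for pid, (_port, other_ip, _hop) in sorted(paths.items()):
            if other_ip != ip_address(peer):
                findings.append(f"ADX {name} path {pid}: other-device IP {other_ip} != peer management IP {peer}")
    # Every path ID configured on one side needs a counterpart on the other.
    for pid in sorted(set(paths_a) ^ set(paths_b)):
        have, lack = ("A", "B") if pid in paths_a else ("B", "A")
        findings.append(f"path {pid} exists on ADX {have} but has no reciprocal path on ADX {lack}")
    return findings

if __name__ == "__main__":
    for finding in check_reciprocal(CONFIG_A, "192.0.2.1", CONFIG_B, "10.10.10.30"):
        print(finding)
```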
NOTE
The static MAC entries are required. You must add a static MAC entry for each firewall interface
attached to the ServerIron ADX.
To configure the paths and static MAC entries for the configuration shown in Figure 2 on page 11,
enter the following commands. Enter the first group of commands on ServerIron ADX A. Enter the
second group of commands on ServerIron ADX B.
Commands for ServerIron ADX A (external)
ServerIronADX-A(config)# server fw-group 2
ServerIronADX-A(config-fw-2)# fwall-info 1 1 10.10.10.30 209.157.23.108
ServerIronADX-A(config-fw-2)# fwall-info 2 2 10.10.10.30 209.157.23.109
ServerIronADX-A(config-fw-2)# exit










