Technical data

ManualsBrandsBrocade Communications Systems ManualsHome Theater ServerServerIron ADX 12.4.00

121

122

123

124

125

126

127

128

129

130

ServerIron ADX Firewall Load Balancing Guide 117

53-1002436-01

Configuring basic Layer 3 FWLB for NAT firewalls

DRAFT: BROCADE CONFIDENTIAL

ServerIronADX-A(config)# static-mac-address abcd.da10.dc2c ethernet 1 priority 1

router-type

ServerIronADX-A(config)# static-mac-address abcd.da10.dc3f ethernet 2 priority 1

router-type

Commands for ServerIron ADX B (internal)

ServerIronADX-B(config)# server fw-group 2

ServerIronADX-B(config-fw-2)# fwall-info 1 1 209.157.23.106 10.10.10.10

ServerIronADX-B(config-fw-2)# fwall-info 2 2 209.157.23.106 10.10.10.11

ServerIronADX-B(config-fw-2)# exit

ServerIronADX-B(config)# static-mac-address abcd.da68.6655 ethernet 1 priority 1

router-type

ServerIronADX-B(config)# static-mac-address abcd.da68.6104 ethernet 2 priority 1

router-type

Syntax: server fw-group 2 | 4

This command changes the CLI to the firewall group configuration level. The IPv4 address format

firewall group number is 2. The IPv6 address format firewall group number is 4. These are the only

supported firewall groups.

Syntax: (IPv4) [no] fwall-info <path-num> <portnum> <other-ip> <next-hop-ip>

Syntax: (IPv6) [no] fwall-info <path-num> <portnum> <other-ipv6> <next-hop-ipv6>

NOTE

The other IP address and next-hop IP address parameters must be both IPv4 addresses or both IPv6

addresses. IPv4 and IPv6 addresses cannot be mixed.

NOTE

You must use IPv4 addresses for IPv4 firewalls and IPv6 addresses for IPv6 firewalls. If the same

firewall supports both IPv4 and IPv6, you must configure them separately under group 2 (IPv4) and

group 4 (IPv6).

The <path-num> parameter specifies the path. The sequence of path IDs must be contiguous from

start to finish.

The <portnum> parameter specifies the port that connects the ServerIron ADX to the firewall. If the

port number is dynamic, use port number 65535.

The <other-ip> parameter specifies the IPv4 address of the ServerIron ADX on the other side of the

firewall.

The <next-hop-ip> parameter specifies the IPv4 address of the firewall connected to this ServerIron

ADX.

The <other-ipv6> parameter specifies the IPv6 address of the ServerIron ADX on the other side of

the firewall.

The <next-hop-ipv6> parameter specifies the IPv6 address of the firewall connected to this

ServerIron ADX.