Technical data

ManualsBrandsBrocade Communications Systems ManualsHome Theater ServerServerIron ADX 12.4.00

131

132

133

134

135

136

137

138

139

140

ServerIron ADX Firewall Load Balancing Guide 123

53-1002436-01

Configuring IronClad Layer 3 FWLB for NAT

DRAFT: BROCADE CONFIDENTIAL

Specifying the partner port

If you are configuring the ServerIron ADX for IronClad FWLB, you need to specify the port number of

the dedicated link between the ServerIron ADX and its partner.

To specify the port, enter a command such as the following at the global CLI level.

ServerIronADX(config)# server fw-port 5

Syntax: [no] server fw-port <portnum>

If the link between the two ServerIron ADXs is a trunk group (recommended for added redundancy),

specify the port number of the primary port. The primary port is the first port in the trunk group.

Specifying the router ports

IronClad FWLB configurations require paths to the routers as part of the active-standby

configuration for the ServerIron ADXs. You must identify the ports on the ServerIron ADX that are

attached to the routers.

To identify port 8 on a ServerIron ADX as a router port, enter the following command.

ServerIronADX(config)# server router-port 8

Syntax: [no] server router-port <portnum>

NOTE

To define multiple router ports on a switch, enter the port numbers separated by blanks. You can

enter up to eight router ports in a single command line. To enter more than eight ports, enter the

server router-port command again with the additional ports.

Defining the firewalls and adding them to the firewall group

When FWLB is enabled, all the ServerIron ADX ports are in firewall group 2 by default. However, you

must add an entry for each firewall. To add an entry for a firewall, specify the firewall name and IP

address. You can specify a name up to 32 characters long. After you add the firewall entries, add

the firewalls to the firewall group.

To define the firewalls shown in Figure 19 on page 122, use the following method.

Commands for active ServerIron ADX A (external active)

SI-ActiveA(config)# server fw-name fw1 192.168.1.2

SI-ActiveA(config-rs-fw1)# exit

SI-ActiveA(config)# server fw-name fw2 192.168.1.3

SI-ActiveA(config-rs-fw2)# exit

SI-ActiveA(config)# server fw-group 2

SI-ActiveA(config-fw-2)# fw-name fw1

SI-ActiveA(config-fw-2)# fw-name fw2

Configure NAT address parameters

Disable load balancing for the NAT addresses page 128

TABLE 7 IronClad FWLB for NAT firewalls configuration tasks (Continued)

Task Reference