Manualshelf

Technical data

ManualsBrandsBrocade Communications Systems ManualsHome Theater ServerServerIron ADX 12.4.00
11121314151617181920
ServerIron ADX Firewall Load Balancing Guide 3
53-1002436-01
Understanding ServerIron FWLB
1
DRAFT: BROCADE CONFIDENTIAL
To see examples of IPv6 configurations, refer to the following:
“IPv6 example for basic Layer 3 FWLB” on page 24
“IPv6 example for FWLB with one sub-net and one virtual routing interface” on page 29
“IPv6 example for FWLB with multiple sub-nets and virtual routing interfaces” on page 34
Firewall environments
ServerIron supports load balancing across the following firewall environments:
Synchronous firewall environments
In general, firewalls that are synchronized allow the in and out traffic of conversations to pass
through multiple firewalls. The firewalls exchange information about the conversation so that the
inbound or outbound traffic for the conversation does not need to be revalidated each time it tries
to use a different firewall. Although the firewalls themselves are synchronized, you will still need to
configure paths on the ServerIron ADXs.
Asynchronous firewall environments
Asynchronous firewalls do not exchange information about conversations. New traffic must be
revalidated each time it arrives at a new firewall. The path information you configure on the
ServerIron ADX ensures that the traffic for a flow is sent to the firewall associated with that flow,
thus reducing the overhead caused by needless revalidations.
NAT firewall environments
Firewalls that perform NAT can translate private network addresses (for example, 10.0.0.1) on the
private side of the firewall into Internet addresses (for example, 209.157.22.26) on the public side
of the firewall.
[no] show fw-health-check-stats Use this command to display firewall group health check statistics.
ServerIronADX 3018# show fw-health-check-stats
For more information, refer to “Displaying firewall health check policy statistics” on
page 9.
[no] debug fwlb ipv6 health-check Use these commands to debug a firewall group health check.
ServerIronADX_3007#debug fwlb ipv6 health-check
ServerIronADX_3007#show debug
For more information, refer to “Firewall health check debug” on page 10.
[no] debug fwlb ipv6
health-check-error
Use these commands to debug a firewall group health check errors.
ServerIronADX_3007#debug fwlb ipv6 health-check-error
ServerIronADX_3007#show debug
For more information, refer to “Firewall health check debug” on page 10.
TABLE 1 Commands affected by IPv6
Command Definition/Example