Technical data

ServerIron ADX Firewall Load Balancing Guide 167
53-1002436-01
Configuring FWLB for firewalls with active-standby NICs
DRAFT: BROCADE CONFIDENTIAL
The ServerIron ADX has only one path to each firewall, but the path uses a wildcard for the
ServerIron ADX port number. The ServerIron ADX determines the port to use for reaching the
firewall by sending an ARP request for the firewall interface. When the active link on the firewall
responds with its MAC address, the ServerIron ADX learns the port on which the response is
received and uses that port to reach the firewall.
If the firewall link goes down and the NIC fails over to the other connection, the ServerIron ADX
learns the new port for the MAC address. Generally, this occurs when the NIC sends a gratuitous
ARP to advertise the new MAC address. The ServerIron ADX learns that the link has failed when the
firewall path health check fails. The path health check consists of an IP ping to the next-hop IP
address of the path.
Configuring for active-standby firewall links
To configure firewall paths for firewalls with active-standby NICs, enter commands such as the
following. Notice that the first four paths configured for each ServerIron ADX specify 65535 as the
ServerIron ADX port number (the second parameter in the command). The last path is the path to
the router and does use a specific ServerIron ADX port instead of the wildcard (65535).
Commands for active external ServerIron ADX (SI-Ext-A)
SI-Ext-A(config)# server fw-group 2
SI-Ext-A(config-fw-2)# fwall-info 1 65535 121.212.247.244 121.212.247.226
SI-Ext-A(config-fw-2)# fwall-info 2 65535 121.212.247.245 121.212.247.226
SI-Ext-A(config-fw-2)# fwall-info 3 65535 121.212.247.244 121.212.247.227
SI-Ext-A(config-fw-2)# fwall-info 4 65535 121.212.247.245 121.212.247.227
SI-Ext-A(config-fw-2)# fwall-info 5 1 121.212.247.225 121.212.247.225
Commands for standby external ServerIron ADX (SI-Ext-S)
SI-Ext-S(config)# server fw-group 2
SI-Ext-S(config-fw-2)# fwall-info 1 65535 121.212.247.244 121.212.247.226
SI-Ext-S(config-fw-2)# fwall-info 2 65535 121.212.247.245 121.212.247.226
SI-Ext-S(config-fw-2)# fwall-info 3 65535 121.212.247.244 121.212.247.227
SI-Ext-S(config-fw-2)# fwall-info 4 65535 121.212.247.245 121.212.247.227
SI-Ext-S(config-fw-2)# fwall-info 5 1 121.212.247.230 121.212.247.230
Commands for active internal ServerIron ADX (SI-Int-A)
SI-Int-A(config)# server fw-group 2
SI-Int-A(config-fw-2)# fwall-info 1 65535 121.212.247.228 121.212.247.242
SI-Int-A(config-fw-2)# fwall-info 2 65535 121.212.247.229 121.212.247.242
SI-Int-A(config-fw-2)# fwall-info 3 65535 121.212.247.228 121.212.247.243
SI-Int-A(config-fw-2)# fwall-info 4 65535 121.212.247.229 121.212.247.243
SI-Int-A(config-fw-2)# fwall-info 5 1 121.212.247.241 121.212.247.241
Commands for standby internal ServerIron ADX (SI-Int-S)
SI-Int-S(config)# server fw-group 2
SI-Int-S(config-fw-2)# fwall-info 1 65535 121.212.247.228 121.212.247.242
SI-Int-S(config-fw-2)# fwall-info 2 65535 121.212.247.229 121.212.247.242
SI-Int-S(config-fw-2)# fwall-info 3 65535 121.212.247.228 121.212.247.243
SI-Int-S(config-fw-2)# fwall-info 4 65535 121.212.247.229 121.212.247.243
SI-Int-S(config-fw-2)# fwall-info 5 1 121.212.247.246 121.212.247.246
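
An added example, not part of the Brocade guide: a small Python audit that checks a saved set of fwall-info commands against the pattern described above, where firewall paths use the wildcard port 65535 and the router path uses a specific port. The function names are hypothetical, and treating a path whose two addresses are identical as the router path is an assumption taken from path 5 in the configurations above.

```python
import re

WILDCARD_PORT = 65535  # wildcard ServerIron ADX port number, per the guide
# The guide names only the second parameter (port); the two addresses are kept opaque.
FWALL_RE = re.compile(r"fwall-info\s+(\d+)\s+(\d+)\s+(\S+)\s+(\S+)\s*$")

def parse_paths(config_text):
    """Return (path_id, port, addr_a, addr_b) for every fwall-info line."""
    paths = []
    for line in config_text.splitlines():
        m = FWALL_RE.search(line)
        if m:
            paths.append((int(m.group(1)), int(m.group(2)), m.group(3), m.group(4)))
    return paths

def audit_paths(config_text):
    """Flag paths that deviate from the active-standby NIC pattern."""
    findings, seen = [], set()
    for path_id, port, addr_a, addr_b in parse_paths(config_text):
        if path_id in seen:
            findings.append((path_id, "duplicate path number"))
        seen.add(path_id)
        # Assumption: identical addresses mark the router path (as in path 5).
        is_router_path = addr_a == addr_b
        if is_router_path and port == WILDCARD_PORT:
            findings.append((path_id, "router path uses wildcard port"))
        elif not is_router_path and port != WILDCARD_PORT:
            findings.append((path_id, "firewall path pinned to port %d" % port))
    return findings

# The SI-Ext-A commands shown in the guide.
GOOD = """\
SI-Ext-A(config)# server fw-group 2
SI-Ext-A(config-fw-2)# fwall-info 1 65535 121.212.247.244 121.212.247.226
SI-Ext-A(config-fw-2)# fwall-info 2 65535 121.212.247.245 121.212.247.226
SI-Ext-A(config-fw-2)# fwall-info 3 65535 121.212.247.244 121.212.247.227
SI-Ext-A(config-fw-2)# fwall-info 4 65535 121.212.247.245 121.212.247.227
SI-Ext-A(config-fw-2)# fwall-info 5 1 121.212.247.225 121.212.247.225
"""
# Constructed variant: path 3 pinned to port 2, path 5 switched to the wildcard.
BAD = (GOOD.replace("fwall-info 3 65535", "fwall-info 3 2")
           .replace("fwall-info 5 1 ", "fwall-info 5 65535 "))

if __name__ == "__main__":
    for name, cfg in (("guide config", GOOD), ("constructed variant", BAD)):
        print(name, audit_paths(cfg) or "OK")
```

A firewall path pinned to a fixed port is the finding that matters most here: after the NIC fails over to its other connection, the ServerIron ADX could no longer follow the firewall's MAC address to the new port.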