ServerIron ADX Firewall Load Balancing Guide
53-1002436-01
Customizing path health checks
DRAFT: BROCADE CONFIDENTIAL
Enabling Layer 4 path health checks for FWLB
By default, the ServerIron ADX performs Layer 3 health checks of firewall paths, but does not
perform Layer 4 health checks of the paths. You can configure the ServerIron ADXs in an FWLB
configuration to use Layer 4 health checks instead of Layer 3 health checks for firewall paths.
When you configure a Layer 4 health check, the Layer 3 (ICMP) health check, which is used by
default, is disabled.
NOTE
The Layer 4 health check applies only to firewall paths. The ServerIron ADX always uses a Layer 3
(ICMP) health check to test the path to the router.
When you configure a Layer 4 health check for firewall paths, the ServerIron ADX sends Layer 4
health checks and also responds at Layer 4 to health checks from the ServerIron ADX at the other
end of the firewall path.
To configure a Layer 4 health check, specify the protocol (TCP or UDP). Optionally, you also can
specify the port:
• UDP – The ServerIron ADX sends and listens for path health check packets on the port you
specify. If you do not specify a port, the ServerIron ADX uses port 7777 by default. The port
number is used as both the source and destination UDP port number in the health check
packets.
• TCP – The ServerIron ADX listens for path health check packets on the port you specify, but
sends them using a randomly generated port number. If you do not specify a port, the
ServerIron ADX uses port 999 as the destination port by default.
NOTE
You must configure the same Layer 4 health check parameters on all the ServerIron ADXs in the
FWLB configuration. Otherwise, the paths will fail the health checks.
To configure a Layer 4 health check for firewall paths, enter a command such as the following at
the firewall group configuration level.
ServerIronADX(config-fw-2)# fw-health-check udp
The command in this example enables Layer 4 health checks on UDP port 7777. This ServerIron
ADX sends firewall path health checks to UDP port 7777 and listens for health checks on UDP port
7777.
Syntax: [no] fw-health-check udp | tcp [<tcp/udp-portnum> <num>]
The <tcp/udp-portnum> parameter specifies the TCP or UDP port and can be a number in one of
the following ranges:
• For TCP, from 1 through 65535
NOTE
Do not use port 80 or port 443 for the FWLB TCP health check. Using port 80 or port 443
affects HTTP and HTTPS traffic.
• For UDP, from 2033 through 65535
NOTE
Do not use a port number less than 2033 for the FWLB UDP health check.
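The following is an added example, not part of the guide or of any Brocade tooling: a small audit script that reads the fw-health-check line from each ServerIron ADX configuration and flags the conditions described above (mismatched parameters between devices, ports outside the allowed range, TCP port 80 or 443). It assumes one firewall group per configuration text and that the port is the first number after the protocol; the function names and the sample configurations are constructed for illustration.

```python
import re

# Values taken from the guide text above.
DEFAULT_PORT = {"udp": 7777, "tcp": 999}
PORT_RANGE = {"udp": (2033, 65535), "tcp": (1, 65535)}
TCP_AVOID = {80, 443}  # the guide warns these affect HTTP and HTTPS traffic

# Assumption: the port is the first number after the protocol; a trailing
# <num> token from the syntax line is accepted and ignored.
CMD = re.compile(
    r"^[ \t]*fw-health-check[ \t]+(udp|tcp)(?:[ \t]+(\d+))?(?:[ \t]+\d+)?[ \t]*$",
    re.M,
)

def parse_health_check(config_text):
    """Return (protocol, port) in effect; ("icmp", None) if the command is absent."""
    matches = CMD.findall(config_text)
    if not matches:
        return ("icmp", None)  # Layer 3 default stays active
    proto, port = matches[-1]  # assumption: one firewall group, last line wins
    return (proto, int(port) if port else DEFAULT_PORT[proto])

def audit(configs):
    """configs: {device_name: config_text}. Return a list of finding strings."""
    findings, seen = [], {}
    for name, text in configs.items():
        proto, port = parse_health_check(text)
        seen.setdefault((proto, port), []).append(name)
        if proto == "icmp":
            continue
        low, high = PORT_RANGE[proto]
        if not low <= port <= high:
            findings.append(f"{name}: {proto} port {port} outside {low}-{high}")
        if proto == "tcp" and port in TCP_AVOID:
            findings.append(f"{name}: tcp port {port} collides with HTTP/HTTPS traffic")
    if len(seen) > 1:  # every device in the FWLB configuration must agree
        detail = "; ".join(f"{p}/{n} on {', '.join(sorted(d))}"
                           for (p, n), d in sorted(seen.items(), key=str))
        findings.append(f"mismatch across devices: {detail}")
    return findings

# Constructed sample configurations (not from a real device).
SAMPLE = {
    "adx-a": "fw-health-check udp\n",
    "adx-b": " fw-health-check udp 7777\n",
    "adx-c": "fw-health-check tcp 443\n",
}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```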










