Technical data

174 ServerIron ADX Firewall Load Balancing Guide
53-1002436-01
Syntax: [no] weight <least-connections-weight>
The <least-connections-weight> parameter assigns a weight to the firewall. This weight determines
the percentage of new connections the firewall receives relative to the other firewalls.
NOTE
The weight command has a second parameter, <response-time-weight>. This parameter is valid for
real servers in SLB configurations but is not valid for FWLB.
Denying FWLB for specific applications
You can deny FWLB for specific applications while still permitting FWLB for other applications. For
example, you can deny FWLB for HTTP traffic (TCP port 80) while still providing FWLB for other types
of traffic.
This feature is useful when your network is configured to send all traffic for a given application to
the same firewall. For example, Figure 25 shows a network in which the routers are configured to
send all HTTP traffic through firewall FW1.
FIGURE 25 FWLB denied for application traffic
In this example, the network is configured as follows:
The WAN access router has a default route that identifies IP address 209.157.22.3 on FW1 as
the next-hop gateway.
The LAN router has a default route that identifies IP address 209.157.23.1 (also on FW1) as
the next-hop gateway.
[Figure 25 diagram labels]
Internet
WAN Access Router: Contains default route that uses 209.157.22.3 (FW1) as the next-hop gateway.
ServerIron A, 209.157.22.2: Contains ACL to deny FWLB for traffic with destination TCP port 80 (HTTP).
ServerIron B, 209.157.23.3: Contains ACL to deny FWLB for traffic with destination TCP port 80 (HTTP).
LAN Router: Contains default route that uses 209.157.23.1 (FW1) as the next-hop gateway.
Firewall FW1 receives all HTTP traffic.
Port labels: e3, e5, e2, e1
Firewall interface labels:
IP: 209.157.22.3, MAC: abcd.4321.34e0
IP: 209.157.22.4, MAC: abcd.4321.34e1
IP: 209.157.23.1, MAC: abcd.4321.34e2
IP: 209.157.23.2, MAC: abcd.4321.34e3
Firewalls: FW1, FW2