Technical data

20 ServerIron ADX Firewall Load Balancing Guide
53-1002436-01
Configuration guidelines
Syntax: [no] fw-name <string>
Adds a configured firewall to the firewall group.
Configuring the paths and adding static MAC entries
A path is configuration information the ServerIron ADX uses to ensure that a given source and
destination IP pair is always authenticated by the same Layer 3 firewall.
Each path consists of the following parameters:
• The path ID – A number that identifies the path. The paths go from one ServerIron ADX to the
  other through the firewalls. On each ServerIron ADX, the sequence of path IDs must be
  contiguous (with no gaps), starting with path ID 1. For example, path sequence 1, 2, 3, 4, 5 is
  valid. Path sequence 1, 3, 5 or 5, 4, 3, 2, 1 is not valid.
• The ServerIron ADX port – The number of the port that connects the ServerIron ADX to the
  firewall. If your configuration does not require static MAC entries, you can specify a dynamic
  port (65535) instead of the physical port number for firewall paths. Specifying the dynamic
  port allows the ServerIron ADX to select the physical port for the path, so you do not need to
  specify it yourself.
• The other ServerIron ADX’s IP address – The IP address of the interface or the management
  address of the ServerIron ADX connected to this firewall. The ServerIron ADX on the private
  network side and the other ServerIron ADX are the endpoints of the data path through the
  firewall.
• The next-hop IP address – The IP address of the firewall interface connected to this ServerIron
  ADX.
NOTE
The other ServerIron’s IP address and next-hop IP address parameters must both be IPv4
addresses or both be IPv6 addresses. IPv4 and IPv6 addresses cannot be mixed.
NOTE
You must use IPv6 addresses for IPv6 firewalls and IPv4 addresses for IPv4 firewalls. If the
same firewall supports both IPv4 and IPv6, you must configure them separately under group 2
(IPv4) and group 4 (IPv6).
For each type of firewall (Layer 3 synchronous and asynchronous, with or without NAT), you must
configure paths between the ServerIron ADXs through the firewalls.
In addition to configuring the paths, you must create a static MAC entry for each firewall interface
attached to the ServerIron ADX.
NOTE
When defining a firewall router path on a port, make sure the port is a server router-port.
NOTE
FWLB paths must be fully meshed. When you configure a FWLB path on a ServerIron ADX, make sure
you also configure a reciprocal path on the ServerIron ADX attached to the other end of the firewalls.
For example, if you configure four paths to four separate firewalls, make sure you configure four
paths on the other ServerIron ADX.
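The path rules above can be checked before a change is pushed to either device. The following Python sketch is an added example, not Brocade code or CLI syntax: the tuple layout (path ID, port, other ADX IP, next-hop IP), the function names, and all addresses are constructed for illustration, and the mesh check is a count-based simplification of the reciprocal-path requirement.

```python
import ipaddress

DYNAMIC_PORT = 65535  # dynamic port value given in the guide

# Constructed sample paths: (path_id, port, other_adx_ip, next_hop_ip)
ADX_A_IP, ADX_B_IP = "10.10.1.111", "10.10.2.222"
ADX_A = [(1, 3, ADX_B_IP, "10.10.1.1"), (2, 5, ADX_B_IP, "10.10.1.2")]
ADX_B = [(1, DYNAMIC_PORT, ADX_A_IP, "10.10.2.1"),
         (2, DYNAMIC_PORT, ADX_A_IP, "10.10.2.2")]


def check_paths(paths):
    """Validate one device's paths, given in configured order.

    Returns a list of problem strings; an empty list means the path ID
    and address-family rules are satisfied.
    """
    problems = []
    ids = [p[0] for p in paths]
    # IDs must be exactly 1, 2, ..., n: no gaps and no reversed order.
    if ids != list(range(1, len(ids) + 1)):
        problems.append(f"path IDs {ids} are not the sequence 1..{len(ids)}")
    for pid, _port, other_ip, next_hop in paths:
        other = ipaddress.ip_address(other_ip)
        hop = ipaddress.ip_address(next_hop)
        # Other-ADX address and next hop must share one address family.
        if other.version != hop.version:
            problems.append(
                f"path {pid}: mixes IPv{other.version} and IPv{hop.version}")
    return problems


def check_reciprocal(local_ip, local_paths, remote_ip, remote_paths):
    """Count-based mesh check: every path toward the peer ADX needs a
    path configured on the peer pointing back."""
    def count(paths, target):
        want = ipaddress.ip_address(target)
        return sum(1 for p in paths if ipaddress.ip_address(p[2]) == want)

    out, back = count(local_paths, remote_ip), count(remote_paths, local_ip)
    if out != back:
        return [f"{out} path(s) toward {remote_ip} but {back} path(s) back"]
    return []


if __name__ == "__main__":
    print(check_paths(ADX_A) or "ADX A paths OK")
    print(check_reciprocal(ADX_A_IP, ADX_A, ADX_B_IP, ADX_B) or "mesh OK")
```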