Technical data

ServerIron ADX Firewall Load Balancing Guide 23
53-1002436-01
Configuration example for basic Layer 3 FWLB
DRAFT: BROCADE CONFIDENTIAL
The following commands configure parameters for the firewall group (group 2 for IPv4 addresses). The
fwall-info commands configure the paths for the firewall traffic. Each path consists of a path ID, the
ServerIron ADX port attached to the firewall, the IP address of the ServerIron ADX at the other end
of the path, and the next-hop IP address (usually the firewall interface connected to this ServerIron
ADX). Make sure you configure reciprocal paths on the other ServerIron ADX, as shown in the
section containing the CLI commands for ServerIron ADX B.
NOTE
Path information is required even if the firewalls are synchronized.
The fw-name <firewall-name> command adds the firewalls to the firewall group.
ServerIron ADXA(config)# server fw-group 2
ServerIron ADXA(config-fw-2)# fw-name FW1-IPin
ServerIron ADXA(config-fw-2)# fw-name FW2-IPin
ServerIron ADXA(config-fw-2)# fwall-info 1 3 209.157.23.3 209.157.22.3
ServerIron ADXA(config-fw-2)# fwall-info 2 5 209.157.23.3 209.157.22.4
ServerIron ADXA(config-fw-2)# exit
The following commands add static MAC entries for the MAC addresses of the firewall interfaces
connected to the ServerIron ADX. Notice that the QoS priority is configured as priority 1 and the
router-type parameter is specified. These parameters are required.
NOTE
To ensure proper operation, always configure the path IDs so that the IDs consistently range from
the lowest path ID to the highest path ID for the firewalls. For example, in Figure 2 on page 11, the
path IDs should range from lowest to highest beginning with the firewall interface at the upper left
of the figure.
To ensure smooth operation, you might want to depict your firewalls in a vertical hierarchy as in
Figure 2 on page 11, label the interfaces with their IP addresses, and then configure the paths so
that the path IDs to the interfaces range from lowest to highest path ID starting from the uppermost
firewall interface.
ServerIron ADXA(config-vlan-1)# static-mac-address abcd.4321.34e0 ethernet 3 priority 1 router-type
ServerIron ADXA(config-vlan-1)# static-mac-address abcd.4321.34e1 ethernet 5 priority 1 router-type
ServerIron ADXA(config)# write memory
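The following Python check is an added example, not part of the Brocade guide. It lints one ServerIron ADX's commands for the requirements stated above: each fwall-info path's port must have a static MAC entry carrying both priority 1 and router-type, and path IDs must not repeat. The name lint_fwlb and the sample text are constructed here, and the parser assumes the single-number port form and the argument order shown on this page.

```python
import ipaddress
import re

# Constructed sample: the ServerIron ADX A commands from this page, prompts removed.
ADX_A_CONFIG = """\
server fw-group 2
fw-name FW1-IPin
fw-name FW2-IPin
fwall-info 1 3 209.157.23.3 209.157.22.3
fwall-info 2 5 209.157.23.3 209.157.22.4
static-mac-address abcd.4321.34e0 ethernet 3 priority 1 router-type
static-mac-address abcd.4321.34e1 ethernet 5 priority 1 router-type
"""

# fwall-info <path-id> <port> <remote-ADX-ip> <next-hop-ip>
PATH_RE = re.compile(r"^fwall-info\s+(\d+)\s+(\d+)\s+(\S+)\s+(\S+)$")
MAC_RE = re.compile(r"^static-mac-address\s+\S+\s+ethernet\s+(\d+)(.*)$")


def _has_required(opts):
    """True if the option tokens contain both 'priority 1' and 'router-type'."""
    return "router-type" in opts and ("priority", "1") in zip(opts, opts[1:])


def lint_fwlb(config_text):
    """Return findings for one ADX's FWLB config; an empty list means it passed."""
    findings, paths, mac_opts = [], {}, {}
    for line in map(str.strip, config_text.splitlines()):
        if m := PATH_RE.match(line):
            path_id, port = int(m.group(1)), int(m.group(2))
            if path_id in paths:
                findings.append(f"path {path_id}: duplicate path ID")
            paths[path_id] = port
            for addr in m.group(3, 4):
                try:
                    ipaddress.ip_address(addr)
                except ValueError:
                    findings.append(f"path {path_id}: invalid IP address {addr}")
        elif m := MAC_RE.match(line):
            mac_opts.setdefault(int(m.group(1)), []).append(m.group(2).split())
    for path_id, port in sorted(paths.items()):
        entries = mac_opts.get(port, [])
        if not entries:
            findings.append(f"path {path_id}: no static-mac-address on ethernet {port}")
        elif not any(_has_required(o) for o in entries):
            findings.append(
                f"path {path_id}: static MAC on ethernet {port} lacks priority 1 router-type")
    return findings


if __name__ == "__main__":
    print(lint_fwlb(ADX_A_CONFIG) or "no findings")
```
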
Commands on ServerIron ADX B (internal)
Enter the following commands to configure FWLB on ServerIron ADX B. Notice that the fwall-info
commands configure paths that are reciprocal to the paths configured on ServerIron ADX A. Path 1
on each ServerIron ADX goes through one of the firewalls, while path 2 goes through the other
firewall.
ServerIron ADXB(config)# server fw-name FW1-IPout 209.157.23.1
ServerIron ADXB(config-rs-FW1-IPout)# exit
ServerIron ADXB(config)# server fw-name FW2-IPout 209.157.23.2
ServerIron ADXB(config-rs-FW2-IPout)# exit
ServerIron ADXB(config)# server fw-group 2
ServerIron ADXB(config-fw-2)# fw-name FW1-IPout
ServerIron ADXB(config-fw-2)# fw-name FW2-IPout