Technical data

ServerIron ADX Firewall Load Balancing Guide, 53-1002436-01
Chapter 3: Configuring HA active-active FWLB
DRAFT: BROCADE CONFIDENTIAL
Changing the maximum number of sessions
To change the maximum number of sessions the firewall can have on the high-availability pair of
ServerIron ADXs, enter the following command.
ServerIronADX(config-rs-FW1)# max-conn 145000
Syntax: [no] max-conn <num>
The <num> variable specifies the maximum and can be from 1 through 2,000,000. This maximum
applies to both the ServerIron ADX and its high-availability partner.
NOTE
Most FWLB parameters, including this one, must be set to the same value on both ServerIron ADXs
in the high-availability pair.
NOTE
If you use the max-conn command for a firewall, the command specifies the maximum permissible
number of connections that can be initiated from this ServerIron ADX's direction on the firewall
paths. The max-conn command does not limit the total number of connections that can exist on the
ServerIron ADX, which includes connections that come from the ServerIron ADXs at the other ends
of the firewall paths. For FWLB, the command to restrict the total number of connections that can
exist on the ServerIron ADX is fw-exceed-max-drop. Refer to “Dropping packets when a firewall
reaches its limit” on page 50.
Connection rate control
Connection rate control lets you set the maximum number of new TCP or UDP sessions per second
that the firewall can accept through the ServerIron ADXs. The TCP and UDP rates are configured
separately; the example below sets the TCP rate.
ServerIronADX(config-rs-FW1)# max-tcp-conn-rate 1000
Syntax: [no] max-tcp-conn-rate <num>
Syntax: [no] max-udp-conn-rate <num>
The <num> variable specifies the maximum number of connections per second and can be a
number from 1 through 65535. The default is 65535.
Limiting the number of new connections for an application
The following commands limit the rate of new connections per second to TCP port 80 on firewall
FW1.
ServerIronADX(config)# server fw-name FW1 1.2.3.4
ServerIronADX(config-rs-FW1)# port http
ServerIronADX(config-rs-FW1)# port http max-tcp-conn-rate 800
Syntax: port <TCP/UDP-portnum> max-tcp-conn-rate <num>
Syntax: port <TCP/UDP-portnum> max-udp-conn-rate <num>
The port <TCP/UDP-portnum> parameter specifies the application port (a port name such as http or
a port number). The port must already be configured on the firewall, as in the example above.
The <num> variable specifies the maximum number of new connections per second to that port.
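Because the notes above require max-conn and the connection-rate limits to be identical on both
ServerIron ADXs of a high-availability pair, and because each value has a documented range,
a practitioner will want to check a pair's configurations side by side before (or after) a
change. The following script is an added example and is not part of the guide or Brocade's
software. It parses the server fw-name blocks from two constructed running-config excerpts
(the block layout, the "!" separator and the sample values are assumptions, not captured
from a real device), rejects values outside the ranges stated on this page, and reports any
limit that differs between the partners, treating a missing rate as the documented default
of 65535.

```python
"""Consistency check for FWLB limits on an HA pair of ServerIron ADXs (added example)."""
import re

# Permitted ranges from the guide: max-conn 1..2,000,000; per-second rates 1..65535.
RANGES = {
    "max-conn": (1, 2_000_000),
    "max-tcp-conn-rate": (1, 65535),
    "max-udp-conn-rate": (1, 65535),
}
RATE_DEFAULT = 65535  # default for max-tcp-conn-rate / max-udp-conn-rate per the guide

FW_LINE = re.compile(r"^server fw-name (\S+) (\S+)$")
GLOBAL_LIMIT = re.compile(r"^(max-conn|max-tcp-conn-rate|max-udp-conn-rate) (\d+)$")
PORT_LIMIT = re.compile(r"^port (\S+) (max-tcp-conn-rate|max-udp-conn-rate) (\d+)$")


def parse_fw_config(text):
    """Return {fw_name: {"ip": ip, "limits": {key: int}}} from a config excerpt.

    Limit keys are 'max-conn', 'max-tcp-conn-rate', 'max-udp-conn-rate' or
    'port <port> max-(tcp|udp)-conn-rate'. A bare 'port http' line defines the
    port but carries no limit, so it is ignored here.
    """
    firewalls, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "!":  # assumption: '!' closes a block, as in Brocade-style CLI configs
            current = None
            continue
        m = FW_LINE.match(line)
        if m:
            current = {"ip": m.group(2), "limits": {}}
            firewalls[m.group(1)] = current
            continue
        if current is None:
            continue
        m = GLOBAL_LIMIT.match(line)
        if m:
            current["limits"][m.group(1)] = int(m.group(2))
            continue
        m = PORT_LIMIT.match(line)
        if m:
            current["limits"]["port %s %s" % (m.group(1), m.group(2))] = int(m.group(3))
    return firewalls


def range_errors(firewalls):
    """List (fw_name, key, value) for every limit outside its documented range."""
    errors = []
    for name, fw in firewalls.items():
        for key, value in fw["limits"].items():
            lo, hi = RANGES[key.split()[-1]]  # 'port http max-tcp-conn-rate' -> rate range
            if not lo <= value <= hi:
                errors.append((name, key, value))
    return errors


def effective(limits, key):
    """Value a partner actually uses: explicit value, else the rate default, else None."""
    if key in limits:
        return limits[key]
    return RATE_DEFAULT if key.endswith("conn-rate") else None


def ha_mismatches(cfg_a, cfg_b):
    """Return [(fw_name, key, value_a, value_b)] for limits that differ between partners."""
    fws_a, fws_b = parse_fw_config(cfg_a), parse_fw_config(cfg_b)
    out = []
    for name in sorted(set(fws_a) | set(fws_b)):
        la = fws_a.get(name, {}).get("limits", {})
        lb = fws_b.get(name, {}).get("limits", {})
        for key in sorted(set(la) | set(lb)):
            va, vb = effective(la, key), effective(lb, key)
            if va != vb:
                out.append((name, key, va, vb))
    return out


# Constructed sample excerpts for the two HA partners (not captured from real devices).
CFG_A = """
server fw-name FW1 1.2.3.4
 max-conn 145000
 max-tcp-conn-rate 1000
 port http
 port http max-tcp-conn-rate 800
!
"""
CFG_B = """
server fw-name FW1 1.2.3.4
 max-conn 145000
 max-tcp-conn-rate 1000
 max-udp-conn-rate 65535
 port http
 port http max-tcp-conn-rate 600
!
"""
CFG_BAD = """
server fw-name FW3 1.2.3.6
 max-udp-conn-rate 70000
!
"""

if __name__ == "__main__":
    for fw, key, a, b in ha_mismatches(CFG_A, CFG_B):
        print("MISMATCH %s %s: partner A=%s partner B=%s" % (fw, key, a, b))
    for fw, key, value in range_errors(parse_fw_config(CFG_BAD)):
        print("OUT OF RANGE %s %s=%d" % (fw, key, value))
```

The explicit max-udp-conn-rate 65535 on partner B is deliberately not reported, since the
partner that omits it runs with the same default; only the differing per-port HTTP rate is
flagged, and the out-of-range UDP rate in the third excerpt is caught before it is pushed to
a device that would reject it.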