Manualshelf

Technical data

ManualsBrandsBrocade Communications Systems ManualsHome Theater ServerServerIron ADX 12.4.00
51525354555657585960
ServerIron ADX Firewall Load Balancing Guide 49
53-1002436-01
Configuring HA active-active FWLB
3
DRAFT: BROCADE CONFIDENTIAL
The other ServerIron ADX’s IP address – The management address of the ServerIron ADX on
the other side of the firewall.
The next-hop IP address – The IP address of the firewall interface connected to this ServerIron
ADX.
NOTE
FWLB paths must be fully meshed. When you configure a FWLB path on a ServerIron ADX, make
sure you also configure a reciprocal path on the ServerIron ADX attached to the other end of the
firewalls. For example, if you configure four paths to four separate firewalls, make sure you configure
four paths on the other ServerIron ADX.
NOTE
In addition to configuring the paths, some configurations require a static MAC entry for each firewall
interface attached to the ServerIron ADX. Each configuration example in this guide indicates
whether the configuration requires static MAC entries. The static MAC entries are not required if the
routers are using OSPF.
To configure paths for ServerIron ADX SI-Ext-A in Figure 10 on page 40, enter the following
commands.
ServerIronADX(config-fw-2)# fwall-info 1 4/1 10.10.2.222 10.10.1.1
ServerIronADX(config-fw-2)# fwall-info 2 4/5 10.10.2.222 10.10.1.2
ServerIronADX(config-fw-2)# fwall-info 3 4/1 10.10.2.223 10.10.1.1
ServerIronADX(config-fw-2)# fwall-info 4 4/5 10.10.2.223 10.10.1.2
ServerIronADX(config-fw-2)# fwall-info 5 4/12 10.10.1.101 10.10.1.101
Syntax: (IPv4) [no] fwall-info <path-num> <portnum> <other-ip> <next-hop-ip>
Syntax: (IPv6) [no] fwall-info <path-num> <portnum> <other-ipv6> <next-hop-ipv6>
NOTE
The other IP address and next-hop IP address parameters must be both IPv4 addresses or both IPv6
addresses. IPv4 and IPv6 addresses cannot be mixed.
NOTE
You must use IPv4 addresses for IPv4 firewalls and IPv6 addresses for IPv6 firewalls. If the same
firewall supports both IPv4 and IPv6, you must configure them separately under group 2 (IPv4) and
group 4 (IPv6).
The <path-num> parameter specifies the path. The sequence of path IDs must be contiguous from
start to finish.
The <portnum> parameter specifies the port that connects the ServerIron ADX to the firewall. If the
port number is dynamic, use port number 65535.
The <other-ip> parameter specifies the IPv4 address of the ServerIron ADX on the other side of the
firewall.
The <next-hop-ip> parameter specifies the IPv4 address of the firewall connected to this ServerIron
ADX.
The <other-ipv6> parameter specifies the IPv6 address of the ServerIron ADX on the other side of
the firewall.
The <next-hop-ipv6> parameter specifies the IPv6 address of the firewall connected to this
ServerIron ADX.