Manualshelf

Technical data

ManualsBrandsBrocade Communications Systems ManualsHome Theater ServerServerIron ADX 12.4.00
81828384858687888990
78 ServerIron ADX Firewall Load Balancing Guide
53-1002436-01
Configuration example for basic multizone FWLB
4
DRAFT: BROCADE CONFIDENTIAL
Commands on Zone3-SI in zone 3
The following commands configure ServerIron ADX “Zone3-SI” in zone 3 in Figure 13 on page 73.
The configuration is similar to the ones for the other ServerIron ADXs, with the following exceptions:
The management IP address is different.
The default gateway goes to an interface on FW2.
The paths are different due to the ServerIron ADX’s placement in the network.
An ACL and zone definition are configured for zone 2. Because this ServerIron ADX is in zone 3,
the configuration does not include an ACL and zone definition for the zone. This ServerIron ADX
also does not contain an ACL or zone definition for zone 1. As a result, by default, this
ServerIron ADX forwards packets that are not addressed to the ServerIron ADX’s own sub-net,
or to a sub-net in zone 2, to zone 1.
ServerIronADX(config)# hostname Zone3-SI
Zone3-SI(config)# ip address 209.157.23.11 255.255.255.0
Zone3-SI(config)# ip default-gateway 209.157.23.1
Zone3-SI(config)# no span
Zone3-SI(config)# server router-ports 5
Zone3-SI(config)# server fw-name FW1 209.157.23.1
Zone3-SI(config-rs-FW1)# exit
Zone3-SI(config)# server fw-name FW2 209.157.23.254
Zone3-SI(config-rs-FW2)# exit
Zone3-SI(config)# access-list 2 permit 209.157.25.0 0.0.0.255
Zone3-SI(config)# server fw-group 2
Zone3-SI(config-fw-2)# fwall-zone Zone2 2 2
Zone3-SI(config-fw-2)# fw-name FW1
Zone3-SI(config-fw-2)# fw-name FW2
Zone3-SI(config-fw-2)# fwall-info 1 16 209.157.24.13 209.157.23.1
Zone3-SI(config-fw-2)# fwall-info 2 1 209.157.24.13 209.157.23.254
Zone3-SI(config-fw-2)# fwall-info 3 16 209.157.25.15 209.157.23.1
Zone3-SI(config-fw-2)# fwall-info 4 1 209.157.25.15 209.157.23.254
Zone3-SI(config-fw-2)# fwall-info 5 5 209.157.23.15 209.157.23.15
Zone3-SI(config-fw-2)# exit
Zone3-SI(config)# static-mac-address abcd.5200.3489 ethernet 16 priority 1
router-type
Zone3-SI(config)# static-mac-address abcd.5200.0b4c ethernet 1 priority 1
router-type
Zone3-SI(config)# write memory
Zone3-SI(config)# exit