Technical data

ServerIron ADX Firewall Load Balancing Guide
53-1002436-01
Configuring high-availability multizone FWLB
DRAFT: BROCADE CONFIDENTIAL
To configure ServerIron ADXs for IronClad multizone FWLB, perform the following tasks:

1. Configure global system parameters.
   These parameters include the ServerIron ADX IP address and default gateway. You also need to
   globally disable the Spanning Tree Protocol (STP). Disabling STP is required for this
   configuration.

2. Configure global FWLB parameters:
   - Identify the synchronization port, which is the port connected to this ServerIron ADX’s
     high-availability partner, and place the port in a separate Layer 2 port-based VLAN as an
     untagged port. (This task applies only to high-availability configurations.)
   - Identify the port connected to the router.
   - Enable the always-active feature for the VLAN that contains all the ports except the
     synchronization link.

3. Configure a standard ACL for each zone of which the ServerIron ADX is not a member, except
   zone 1.
   The ACLs identify the IP addresses or address ranges in the other zones. If you leave zone 1
   undefined, all IP addresses that are not in this ServerIron ADX’s own sub-net and are not
   members of zones configured on the ServerIron ADX are assumed to be members of zone 1.
   If the ServerIron ADX is a member of zone 1, configure a standard ACL for all but one of the
   other zones. In this example, configure an ACL for the DMZ zone (zone 3). The ServerIron ADX
   will forward traffic that is not addressed to its own sub-net, and not addressed to zone 2, to the
   other zone (zone 3) automatically.

4. Configure firewall parameters:
   - Define the firewalls and add them to the firewall group. Each firewall consists of a name and
     the IP address of its interface with the ServerIron ADX.

5. Configure firewall group parameters:
   - Configure the zones. Each zone definition consists of a number, an optional name, and the
     ACL that specifies the IP addresses in the zone. Refer to Table 3 for the maximum number
     of zones and paths supported on the ServerIron ADX.
   - Configure the paths and add static MAC entries for the firewall interfaces with the
     ServerIron ADX. Configure a separate path through each firewall to each ServerIron ADX.
     You also need to configure a path from each ServerIron ADX to the routers attached to the
     ServerIron ADX.
   - Specify the ServerIron ADX priority. In the active-standby pair, the ServerIron ADX with
     the higher priority value is active by default.

6. Save the configuration to the startup-config file.
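
The zone ACL task above makes zone 1 a catch-all, so an address missing from a zone ACL is treated as zone 1 rather than rejected. The following is an added Python model of that rule (not Brocade code and not ServerIron ADX CLI) that checks a host inventory against the planned ACLs before they are configured. The subnets, the inventory, and the function names are constructed for illustration and assume an ADX that sits in zone 2 with a single ACL for zone 3.

```python
import ipaddress

# Constructed sample values (not from the guide): the ADX's own sub-net and the
# standard ACLs for the zones it is NOT a member of. Zone 1 is left undefined.
OWN_SUBNET = ipaddress.ip_network("10.10.2.0/24")
ZONE_ACLS = {3: [ipaddress.ip_network("10.10.3.0/24")]}
DEFAULT_ZONE = 1  # catch-all for anything no ACL and no local sub-net matches


def resolve_zone(dst, own_subnet=OWN_SUBNET, zone_acls=ZONE_ACLS):
    """Return 'local' or the zone number a destination address is assigned to."""
    addr = ipaddress.ip_address(dst)
    if addr in own_subnet:
        return "local"
    for zone in sorted(zone_acls):
        if any(addr in net for net in zone_acls[zone]):
            return zone
    # Not local and not in any configured zone: assumed to be in zone 1.
    return DEFAULT_ZONE


def audit(inventory, own_subnet=OWN_SUBNET, zone_acls=ZONE_ACLS):
    """Compare {address: intended zone} with what the ACLs would resolve.

    Returns (address, intended, resolved) for each mismatch. An ACL gap shows
    up here as a host that silently lands in the catch-all zone.
    """
    findings = []
    for dst, intended in inventory.items():
        resolved = resolve_zone(dst, own_subnet, zone_acls)
        if resolved != intended:
            findings.append((dst, intended, resolved))
    return findings


if __name__ == "__main__":
    # Constructed inventory: 10.10.4.7 is meant to be a DMZ host, but the
    # zone 3 ACL only covers 10.10.3.0/24.
    inventory = {"10.10.3.20": 3, "10.10.4.7": 3, "198.51.100.9": 1}
    for dst, intended, resolved in audit(inventory):
        print(f"zone mismatch: {dst} intended={intended} resolved={resolved}")
```

Any address reported as a mismatch needs a matching entry in the relevant zone ACL; otherwise its traffic follows the zone 1 paths.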