Technical data

ServerIron ADX Firewall Load Balancing Guide 87
53-1002436-01
Configuration example for a high-availability multizone FWLB
4
DRAFT: BROCADE CONFIDENTIAL
Zone1-SI-S(config-vlan-1)# exit
Zone1-SI-S(config)# write memory
Zone1-SI-S(config)# exit
Zone1-SI-S# reload
Commands on Zone2-SI-A in zone 2
The following commands configure ServerIron ADX “Zone2-SI-A” on the left side of zone 2 in Figure 14 on page 79. The configuration is similar to the one for the active ServerIron ADX in zone 1, with the following exceptions:
• The management IP address is different.
• The default gateway goes to a different interface on FW1.
• The paths are different due to the ServerIron ADX’s placement in the network. (However, like Zone1-SI-A and Zone1-SI-S, ServerIron ADX Zone2-SI-A has a path through each firewall to each of the ServerIron ADXs in the other zones, and has a path to its directly attached router.)
• Only one ACL and zone definition are configured, for zone 3. Because this ServerIron ADX is in zone 2, the configuration does not include an ACL and zone definition for its own zone. This ServerIron ADX also does not contain an ACL or zone definition for zone 1. As a result, by default, this ServerIron ADX forwards packets that are not addressed to the ServerIron ADX’s own sub-net, or to a sub-net in zone 3, to zone 1.
ServerIronADX(config)# hostname Zone2-SI-A
Zone2-SI-A(config)# ip address 209.157.24.15 255.255.255.0
Zone2-SI-A(config)# ip default-gateway 209.157.25.1
Zone2-SI-A(config)# no span
Zone2-SI-A(config)# server router-ports 5
Zone2-SI-A(config)# server fw-port 9
Zone2-SI-A(config)# trunk switch ethernet 9 to 10
Zone2-SI-A(config)# trunk deploy
Zone2-SI-A(config)# vlan 10 by port
Zone2-SI-A(config-vlan-10)# untagged 9 to 10
Zone2-SI-A(config-vlan-10)# exit
Zone2-SI-A(config)# vlan 1
Zone2-SI-A(config-vlan-1)# always-active
Zone2-SI-A(config-vlan-1)# exit
Zone2-SI-A(config)# server fw-name FW1 209.157.25.1
Zone2-SI-A(config-rs-FW1)# exit
Zone2-SI-A(config)# server fw-name FW2 209.157.25.254
Zone2-SI-A(config-rs-FW2)# exit
Zone2-SI-A(config)# access-list 3 permit 209.157.23.0 0.0.0.255
Zone2-SI-A(config)# server fw-group 2
Zone2-SI-A(config-fw-2)# fwall-zone Zone3 3 3
Zone2-SI-A(config-fw-2)# fw-name FW1
Zone2-SI-A(config-fw-2)# fw-name FW2
Zone2-SI-A(config-fw-2)# l2-fwall
Zone2-SI-A(config-fw-2)# sym-priority 255
Zone2-SI-A(config-fw-2)# fwall-info 1 1 209.157.23.11 209.157.25.1
Zone2-SI-A(config-fw-2)# fwall-info 2 1 209.157.23.12 209.157.25.1
Zone2-SI-A(config-fw-2)# fwall-info 3 1 209.157.24.13 209.157.25.1
Zone2-SI-A(config-fw-2)# fwall-info 4 1 209.157.24.14 209.157.25.1
Zone2-SI-A(config-fw-2)# fwall-info 5 16 209.157.23.11 209.157.25.254
Zone2-SI-A(config-fw-2)# fwall-info 6 16 209.157.23.12 209.157.25.254
Zone2-SI-A(config-fw-2)# fwall-info 7 16 209.157.24.13 209.157.25.254
Zone2-SI-A(config-fw-2)# fwall-info 8 16 209.157.24.14 209.157.25.254
Zone2-SI-A(config-fw-2)# fwall-info 9 5 209.157.25.200 209.157.25.200
Zone2-SI-A(config-fw-2)# exit
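A consistency check over the listing above, as an added example that is not part of the Brocade guide: a Python lint that confirms every fwall-info next hop is a defined firewall or a router path, that both firewalls reach the same remote ServerIron ADXs, that the ACL named by the zone definition exists, and that the default gateway lies inside the management subnet. The field order read from fwall-zone and fwall-info, and the gateway rule itself, are assumptions taken from how this listing uses them.

```python
import ipaddress

# Commands copied from the Zone2-SI-A listing above, CLI prompts stripped.
CONFIG = """\
ip address 209.157.24.15 255.255.255.0
ip default-gateway 209.157.25.1
server fw-name FW1 209.157.25.1
server fw-name FW2 209.157.25.254
access-list 3 permit 209.157.23.0 0.0.0.255
fwall-zone Zone3 3 3
fwall-info 1 1 209.157.23.11 209.157.25.1
fwall-info 2 1 209.157.23.12 209.157.25.1
fwall-info 3 1 209.157.24.13 209.157.25.1
fwall-info 4 1 209.157.24.14 209.157.25.1
fwall-info 5 16 209.157.23.11 209.157.25.254
fwall-info 6 16 209.157.23.12 209.157.25.254
fwall-info 7 16 209.157.24.13 209.157.25.254
fwall-info 8 16 209.157.24.14 209.157.25.254
fwall-info 9 5 209.157.25.200 209.157.25.200
"""

def lint(text):
    """Return a list of consistency problems found in the FWLB commands."""
    fws, acls, zones, paths, issues = {}, set(), {}, [], []
    mgmt = gw = None
    for t in map(str.split, text.splitlines()):
        if t[:2] == ["server", "fw-name"]:
            fws[t[3]] = t[2]                      # firewall IP -> name
        elif t[0] == "access-list":
            acls.add(t[1])
        elif t[0] == "fwall-zone":
            zones[t[1]] = t[3]                    # zone name -> ACL id (assumed order)
        elif t[0] == "fwall-info":
            paths.append(t[1:])                   # path, port, remote IP, next hop (assumed)
        elif t[:2] == ["ip", "address"]:
            mgmt = ipaddress.ip_interface(f"{t[2]}/{t[3]}").network
        elif t[:2] == ["ip", "default-gateway"]:
            gw = ipaddress.ip_address(t[2])
    reach = {ip: set() for ip in fws}             # remote ADXs reachable per firewall
    for num, _port, dest, hop in paths:
        if hop in fws:
            reach[hop].add(dest)
        elif hop != dest:                         # router paths repeat the router IP
            issues.append(f"path {num}: next hop {hop} is not a defined firewall")
    if len(set(map(frozenset, reach.values()))) > 1:
        issues.append("firewalls do not reach the same remote ServerIron ADXs")
    issues += [f"zone {z}: ACL {a} is not defined" for z, a in zones.items() if a not in acls]
    if gw and mgmt and gw not in mgmt:
        issues.append(f"default gateway {gw} is outside management subnet {mgmt}")
    return issues
```

Run against this listing, lint(CONFIG) passes the path and ACL checks and reports only that 209.157.25.1 is outside 209.157.24.0/24, which is worth confirming against Figure 14 before the configuration is deployed.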