Firewall load balancing enhancements, Enabling firewall strict forwarding, Enabling firewall vrrpe priority – Brocade Communications Systems ServerIron ADX 12.4.00a User Manual


ServerIron ADX Security Guide

53-1002440-03


Syntax: [no] client-max-conn-limit <name>

Enter the name of the max connection policy for <name>.

NOTE

When the policy is bound to a VIP, the policy limits the number of connections that a client can have
on any real server on the network.

Firewall load balancing enhancements

This section contains the following sections:

“Enabling firewall strict forwarding”

“Enabling firewall VRRPE priority”

“Enabling track firewall group”

“Enabling firewall session sync delay”

Enabling firewall strict forwarding

To enable load balancing only when traffic is going to a firewall, use the following command.

ServerIronADX(config)# server fw-strict-fwd

Syntax: server fw-strict-fwd

Use the server fw-strict-fwd command in global configuration mode. Without this command,
when the ServerIron receives traffic that matches the firewall flow session and the traffic was not
received from a firewall, the ServerIron assumes that the traffic needs to be load balanced to a
firewall.

With this command, the ServerIron first checks that the traffic is going to a firewall, and only then
load balances it to a firewall.

Enabling firewall VRRPE priority

To configure VRRPE state to track the firewall group state, use the following command.

ServerIronADX(config)# server fw-g 2

ServerIronADX(config-tc-2)# fw-vrrpe-priority

ServerIronADX(config-tc-2)#

Syntax: fw-vrrpe-priority <priority>

Use the fw-vrrpe-priority command in fw-group configuration mode. <priority> is the VRRPE
priority associated with the current firewall group state. Valid values are 1 to 255.

NOTE

This command can be used with the track-fw-group command below to force VRRPE state to track
the firewall group state for a specific vrid.
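The following check is an added example, not part of the Brocade manual or any Brocade tool: it audits a saved configuration for the two settings described above, reporting whether server fw-strict-fwd is present and whether each fw-vrrpe-priority value is present and within 1 to 255. It assumes the saved text lists commands as they are typed in this section, with sub-commands following their "server fw-g <id>" line; the function name audit_fwlb and the sample text are hypothetical.

```python
import re

# Assumption: the saved config shows commands as typed on this page.
GROUP_RE = re.compile(r"^server\s+fw-g\S*\s+(\d+)$")   # e.g. "server fw-g 2"
PRIO_RE = re.compile(r"^fw-vrrpe-priority(?:\s+(\S+))?$")

def audit_fwlb(config_text):
    """Return findings about fw-strict-fwd and fw-vrrpe-priority settings."""
    findings = []
    strict = False
    group = None  # firewall group whose sub-commands are being read
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if line == "server fw-strict-fwd":
            strict, group = True, None
            continue
        m = GROUP_RE.match(line)
        if m:
            group = m.group(1)
            continue
        if line.startswith("server "):
            group = None  # some other global server command ends the group
            continue
        m = PRIO_RE.match(line)
        if m and group is not None:
            value = m.group(1)
            if value is None:
                findings.append(f"fw-group {group}: fw-vrrpe-priority has no <priority> value")
            elif not re.fullmatch(r"[0-9]+", value) or not 1 <= int(value) <= 255:
                findings.append(f"fw-group {group}: priority {value} is outside 1 to 255")
    if not strict:
        findings.append("global: server fw-strict-fwd is not set")
    return findings

# Constructed sample text, not taken from a real device.
SAMPLE = """\
server fw-g 2
 fw-vrrpe-priority
server fw-g 3
 fw-vrrpe-priority 300
server fw-g 4
 fw-vrrpe-priority 110
"""

if __name__ == "__main__":
    for finding in audit_fwlb(SAMPLE):
        print(finding)
```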
