Brocade Communications Systems 12.4.00a Manual De Usuario

Firewall load balancing enhancements

1

Syntax: [no] client-max-conn-limit <name>

Enter the name of the max connection policy for <name>. 

NOTE

When the policy is bound to a VIP, the policy limits the number of connections that a client can have 
on any real server on the network.

Firewall load balancing enhancements

This section contains the following sections:

•

•

•

•

Enabling firewall strict forwarding 

To enable load balancing only when traffic is going to a firewall, use the following command.

ServerIronADX(config)# server fw-strict-fwd

Syntax: server fw-strict-fwd

Use the server fw-strict-fwd command in the global configuration mode. Without this command, 
when the ServerIron receives traffic that matches the firewall flow session and the traffic is not 
received from a firewall, then the ServerIron assumes that it needs to be load balanced to a 
firewall. 

This command checks to ensure that traffic is going to a firewall and only then does the ServerIron 
load balance it to a firewall.

Enabling firewall VRRPE priority 

To configure VRRPE state to track the firewall group state, use the following command. 

ServerIronADX(config)# server fw-g 2

ServerIronADX(config-tc-2)#fw-vrrpe-priority

ServerIronADX(config-tc-2)#

Syntax: fw-vrrpe-priority <priority>

Use the fw-vrrpe-priority command in the fw-group configuration mode.  <priority > is the VRRPE 
priority associated with current firewall group state. Valid values are 1 to 255. 

NOTE

This command can be used with the track-fw-group command below to force VRRPE state to track 
the firewall group state for a specific vrid.