NOTE: As noted in the individual command sections, some commands are valid only in FWLB or only in TCS.
Identifies an IP ACL for use with your configuration. For example, you can use the command to identify an ACL for denying FWLB for a specific TCP or UDP application port.
NOTE: This command applies only to FWLB configurations and is not valid in TCS configurations.
EXAMPLE:
To deny FWLB for TCP port 80 (HTTP) but allow FWLB for all other TCP and UDP application ports, enter commands such as the following:
ServerIronA(config)# access-list 101 deny tcp any any eq http
ServerIronA(config)# access-list 101 permit tcp any any
ServerIronA(config)# access-list 101 permit udp any any
ServerIronA(config)# server fw-group 2
ServerIronA(config-tc-2)# acl-id 101
The first three commands configure three ACL entries. The first entry denies FWLB for packets addressed to TCP port 80 (HTTP). The second entry permits FWLB for all TCP applications. Packets that do not match the first ACL entry match the second ACL entry and are provided with FWLB. The third entry permits FWLB for all UDP applications. The last two commands change the CLI level to the firewall group configuration level and apply ACL 101 to the firewall group.
Syntax: [no] access-list <num> deny | permit <ip-protocol> <source-ip> | <hostname> <wildcard> [<operator> <source-tcp/udp-port>] <destination-ip> | <hostname> <wildcard> [<operator> <destination-tcp/udp-port>] [precedence <name> | <num>] [tos <name> | <num>] [log]
Syntax: [no] acl-id <num>
For detailed information about the ACL syntax, see the “Using Access Control Lists (ACLs)” chapter in the Foundry Switch and Router Installation and Basic Configuration Guide.
Possible values: The ID of a configured IP ACL.
Default value: N/A
This command assigns a cache server to the cache group. The cache server must already be configured. (See "server cache-name".)
NOTE: This command applies only to TCS configurations and is not valid in FWLB configurations.
NOTE: A cache server can be in only one cache group. If you add a cache server to a cache group, the ServerIron automatically removes the cache server from the cache group the cache server was already in.
EXAMPLE:
To assign a cache server named “web2” to cache group 1, enter the following:
ServerIron(config)# server cache-group 1
ServerIron(config-tc-1)# cache-name web2
Syntax: server cache-name <text>
Possible values: N/A
Default value: N/A
Clears statistics or clears entries from a cache or table. See the descriptions for the individual clear commands in "Privileged EXEC Commands".
Enables destination NAT for TCS.
By default, the ServerIron translates the destination MAC address of a client request into the MAC address of the cache server. However, the ServerIron does not translate the IP address of the request to the cache server’s IP address. Instead, the ServerIron leaves the destination IP address untranslated.
This behavior assumes that the cache server is operating in promiscuous mode, which allows the cache server to receive requests for any IP address as long as the MAC address in the request is the cache server’s. This behavior works well in most caching environments. However, if your cache server requires that the client traffic arrive in directed IP unicast packets, you can enable destination NAT.
NOTE: This option is rarely used. If your cache server operates in promiscuous mode, you probably do not need to enable destination NAT. Otherwise, enable destination NAT. Consult your cache server documentation if you are unsure whether you need to enable destination NAT.
EXAMPLE:
To enable destination NAT for cache group 1, enter the following command:
ServerIron(config)# server cache-group 1
ServerIron(config-tc-1)# dest-nat
Syntax: dest-nat
Possible values: N/A
Default value: Disabled
This command disables the cache group.
NOTE: This command applies only to TCS configurations and is not valid in FWLB configurations.
EXAMPLE:
To disable cache group 2, enter the following command.
ServerIron(config-tc-1)# disable
Syntax: [no] disable
Possible values: N/A
Default value: Enabled
Moves activity to the privileged EXEC level from any level of the CLI, with the exception of the user level.
EXAMPLE:
To move to the privileged level, enter the following from any level of the CLI.
ServerIron(config-tc-1)# end
ServerIron#
Syntax: end
Possible values: N/A
Default value: N/A
Moves activity up one level from the current level. In this case, activity will be moved to the global level.
EXAMPLE:
ServerIron(config-tc-1)# exit
ServerIron(config)#
Syntax: exit
Possible values: N/A
Default value: N/A
Contact Foundry engineering for information about this command.
Configures a path for FWLB.
NOTE: This command applies only to FWLB configurations and is not valid in TCS configurations.
EXAMPLE:
To configure paths for two firewalls, enter the following commands. See the Foundry ServerIron Firewall Load Balancing Guide for complete configuration examples.
ServerIron(config)# server fw-group 2
ServerIron(config-tc-2)# fwall-info 1 3 209.157.23.3 209.157.22.3
ServerIron(config-tc-2)# fwall-info 2 5 209.157.23.3 209.157.22.4
Syntax: [no] fwall-info <path-num> <portnum> <other-ServerIron-ip> <next-hop-ip> [path-group-id <num>] [remote-id <num>]
The <path-num> parameter specifies the path ID. In basic FWLB configurations, the paths go from one ServerIron to the other through the firewalls. In IronClad FWLB, additional paths go to routers. On each ServerIron, the sequence of path IDs must be contiguous (with no gaps), starting with path ID 1. For example, path sequence 1, 2, 3, 4, 5 is valid. Path sequence 1, 3, 5 or 5, 4, 3, 2, 1 is not valid.
The <portnum> parameter specifies the number of the port that connects the ServerIron to the firewall or router.
If the FWLB configuration does not use static MAC entries, you can specify a dynamic port number instead of a physical port number for a firewall path. A dynamic port number allows the ServerIron to dynamically select a port for the firewall path. To specify a dynamic port, enter one of the following instead of the physical port number for a firewall path:
- 65535 (valid dynamic port number in 07.2x and 08x)
- 255 (valid dynamic port number in 07.3x)
NOTE: Dynamic port numbers are valid only for firewall paths, not for router paths. Dynamic port numbers are not valid for configurations that use static MAC entries.
The <other-ServerIron-ip> parameter specifies the IP address of the device at the other end of the path. For firewall paths, specify the management address or source IP address of the ServerIron on the other side of the firewall. For router paths, specify the router’s IP interface with the ServerIron.
- On the external ServerIrons, specify the internal ServerIrons’ management addresses for the trusted zone but specify the source IP addresses for the other zones.
- On the internal ServerIrons, specify the external ServerIrons’ management addresses for the non-trusted zone, which is the only zone on the external ServerIrons.
The <next-hop-ip> parameter specifies the IP address of the next hop in the path. For firewall paths, specify the IP address of the firewall interface connected to this ServerIron. For router paths, specify the router’s IP interface with the ServerIron.
The path-group-id <num> parameter specifies the number that indicates the firewall through which the paths go.
NOTE: Router paths do not use path IDs.
The remote-id <num> parameter is a number (1 or 2) representing the ServerIron at the remote end of the path in a superzone FWLB configuration. Specify 1 for a basic configuration. Specify 1 and 2 for the two ServerIrons in a high-availability configuration.
NOTE: The remote-id <num> parameter applies only to superzone FWLB. See the "Configuring Superzone FWLB" chapter in the Foundry ServerIron Firewall Load Balancing Guide.
Possible values: See above
Default value: N/A
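The path rules above can be checked mechanically before a configuration is loaded. The following Python sketch is an added example, not Foundry code: the function names and the static_mac flag are assumptions made for illustration, and the second sample input is constructed.

```python
import re

# Dynamic port numbers named above: 65535 (07.2x and 08x) and 255 (07.3x).
DYNAMIC_PORTS = {65535, 255}
# Strips a leading CLI prompt such as "ServerIron(config-tc-2)# ".
PROMPT = re.compile(r"^\S+[#>]\s*")

# The path commands from the example above.
PAGE_EXAMPLE = """\
ServerIron(config)# server fw-group 2
ServerIron(config-tc-2)# fwall-info 1 3 209.157.23.3 209.157.22.3
ServerIron(config-tc-2)# fwall-info 2 5 209.157.23.3 209.157.22.4
"""

# Constructed input with three deliberate mistakes (documentation addresses).
CONSTRUCTED_BAD = """\
fwall-info 1 3 192.0.2.10 192.0.2.1
fwall-info 3 65535 192.0.2.10 192.0.2.2 remote-id 3
"""


def parse_fwall_info(config_text):
    """Return one dict per fwall-info command, in configuration order."""
    paths = []
    for raw in config_text.splitlines():
        words = PROMPT.sub("", raw.strip()).split()
        if len(words) < 5 or words[0] != "fwall-info":
            continue
        entry = {
            "path": int(words[1]),
            "port": int(words[2]),
            "other_ip": words[3],
            "next_hop": words[4],
        }
        # Optional keyword/value pairs: path-group-id <num>, remote-id <num>.
        opts = words[5:]
        for key, value in zip(opts[0::2], opts[1::2]):
            entry[key] = int(value)
        paths.append(entry)
    return paths


def check_paths(paths, static_mac=False):
    """Return findings for one ServerIron's fwall-info entries.

    static_mac (hypothetical flag): True when the FWLB configuration uses
    static MAC entries, in which case dynamic port numbers are not valid.
    """
    findings = []
    ids = [p["path"] for p in paths]
    expected = list(range(1, len(ids) + 1))
    # Path IDs must run 1, 2, 3, ... with no gaps; 1,3,5 and 5,4,3,2,1 both fail.
    if ids != expected:
        findings.append(f"path IDs {ids} are not the contiguous sequence {expected}")
    for p in paths:
        if static_mac and p["port"] in DYNAMIC_PORTS:
            findings.append(
                f"path {p['path']}: dynamic port {p['port']} used with static MAC entries"
            )
        remote_id = p.get("remote-id")
        if remote_id is not None and remote_id not in (1, 2):
            findings.append(f"path {p['path']}: remote-id {remote_id} is not 1 or 2")
    return findings


if __name__ == "__main__":
    for label, text, static in (("page example", PAGE_EXAMPLE, False),
                                ("constructed", CONSTRUCTED_BAD, True)):
        findings = check_paths(parse_fwall_info(text), static_mac=static)
        print(label, "->", findings or "no findings")
```

The check cannot tell firewall paths from router paths, so the rule that dynamic port numbers are valid only for firewall paths still has to be reviewed by hand.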
Configures a firewall zone. Use this command when configuring multi-zone FWLB. For a complete configuration example, see the Foundry ServerIron Firewall Load Balancing Guide.
NOTE: This command applies only to FWLB configurations and is not valid in TCS configurations.
EXAMPLE:
To configure an ACL and a firewall zone that uses the ACL, enter commands such as the following:
Zone1-SI(config)# access-list 2 permit 209.157.25.0 0.0.0.255
Zone1-SI(config)# server fw-group 2
Zone1-SI(config-tc-2)# fwall-zone Zone2 2 2
Syntax: [no] fwall-zone <string> <zonenum> <acl-id>
The <string> parameter specifies the zone name.
The <zonenum> parameter specifies the zone number. You can specify a value from 1 – 10.
The <acl-id> field specifies the ACL that defines the range of IP addresses in the zone.
Possible values: See above
Default value: N/A
Configures the ServerIron to drop the traffic instead of load balancing it using the hashing mechanism.
NOTE: This command applies only to FWLB configurations and is not valid in TCS configurations.
By default, if the ServerIron receives traffic that it needs to forward to a firewall, but the firewall already has the maximum number of sessions open or has exceeded its maximum connection rate, the ServerIron uses a hashing mechanism to select another firewall. The hashing mechanism selects another firewall based on the source and destination IP addresses and application port numbers in the packet.
The ServerIron drops traffic only until the firewall again has available sessions.
EXAMPLE:
ServerIron(config-tc-2)# fw-exceed-max-drop
Syntax: [no] fw-exceed-max-drop
Possible values: N/A
Default value: Disabled
Changes the number of times the ServerIron attempts a Layer 3 health check of an FWLB path before concluding that the path is unhealthy.
NOTE: This command applies only to FWLB configurations and is not valid in TCS configurations.
By default, the ServerIron checks the health of each firewall and router path by sending an ICMP ping on the path every 400 milliseconds.
- If the ServerIron receives one or more responses within 1.2 seconds, the ServerIron concludes that the path is healthy.
- Otherwise, the ServerIron reattempts the health check by sending another ping. By default, the ServerIron reattempts an unanswered path health check up to three times before concluding that the path is unhealthy.
You can change the maximum number of retries to a value from 3 – 31 (ServerIron Chassis devices) or 8 – 31 (all other ServerIron models).
EXAMPLE:
ServerIron(config-tc-2)# fw-health-check icmp 20
Syntax: [no] fw-health-check icmp <num>
The <num> parameter specifies the maximum number of retries and can be a number from 3 – 31 (ServerIron Chassis devices) or 8 – 31 (all other ServerIron models). The default is 3.
Possible values: 3 – 31 (ServerIron Chassis devices) or 8 – 31 (all other ServerIron models)
Default value: 3
You can configure the ServerIrons in an FWLB configuration to use Layer 4 health checks instead of Layer 3 health checks for firewall paths.
NOTE: This command applies only to FWLB configurations and is not valid in TCS configurations.
By default, the ServerIron performs Layer 3 health checks of firewall paths, but does not perform Layer 4 health checks of the paths. When you configure a Layer 4 health check, the Layer 3 (ICMP) health check, which is used by default, is disabled.
NOTE: The Layer 4 health check applies only to firewall paths. The ServerIron always uses a Layer 3 (ICMP) health check to test the path to the router.
When you configure a Layer 4 health check for firewall paths, the ServerIron sends Layer 4 health checks and also responds at Layer 4 to health checks from the ServerIron at the other end of the firewall path.
To configure a Layer 4 health check, specify the protocol (TCP or UDP). Optionally, you also can specify the port.
- UDP – The ServerIron sends and listens for path health check packets on the port you specify. If you do not specify a port, the ServerIron uses port 7777 by default. The port number is used as both the source and destination UDP port number in the health check packets.
- TCP – The ServerIron listens for path health check packets on the port you specify, but sends them using a randomly generated port number. If you do not specify a port, the ServerIron uses port 999 as the destination port by default.
NOTE: You must configure the same Layer 4 health check parameters on all the ServerIrons in the FWLB configuration. Otherwise, the paths will fail the health checks.
EXAMPLE:
ServerIron(config-tc-2)# fw-health-check udp
The command in this example enables Layer 4 health checks on UDP port 7777. This ServerIron sends firewall path health checks to UDP port 7777 and listens for health checks on UDP port 7777.
Syntax: [no] fw-health-check udp | tcp [<tcp/udp-portnum> <num>]
The <tcp/udp-portnum> parameter specifies the TCP or UDP port and can be a number in one of the following ranges:
- For TCP, from 1 – 65535
- For UDP, from 1 – 1032 or 2033 – 65535
NOTE: Do not use a number from 1033 – 2032 for UDP. Port numbers in this range are not supported for FWLB UDP health checks.
The <num> parameter specifies the maximum number of retries and can be a number from 8 – 31. The default is 3.
You can disable the Layer 4 health checks on individual firewalls if needed. To disable the Layer 4 health check for an individual application on an individual firewall, enter a command such as the following at the firewall configuration level of the CLI:
ServerIron(config-rs-FW1)# port http no-health-check
The command in this example disables Layer 4 health checks for port HTTP on firewall FW1.
Syntax: [no] no-health-check
Possible values: See above
Default value: Disabled
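Because mismatched Layer 4 health check parameters make every path fail, it is worth comparing the setting across all ServerIrons before deployment. The following Python sketch is an added example, not Foundry code: the function names and device names are assumptions, the sample configurations are constructed, and the comparison covers only protocol and port.

```python
import re

# Strips a leading CLI prompt such as "ServerIron(config-tc-2)# ".
PROMPT = re.compile(r"^\S+[#>]\s*")
# Default ports stated above when no port is given.
L4_DEFAULT_PORT = {"udp": 7777, "tcp": 999}
# UDP ports 1033 - 2032 are not supported for FWLB UDP health checks.
UDP_UNSUPPORTED = range(1033, 2033)


def l4_health_check(config_text):
    """Return (protocol, port) from the last 'fw-health-check udp|tcp' line.

    Returns None when no Layer 4 check is configured, which means the
    default Layer 3 (ICMP) check is in effect.
    """
    result = None
    for raw in config_text.splitlines():
        words = PROMPT.sub("", raw.strip()).split()
        if len(words) >= 2 and words[0] == "fw-health-check" and words[1] in L4_DEFAULT_PORT:
            proto = words[1]
            port = int(words[2]) if len(words) > 2 else L4_DEFAULT_PORT[proto]
            result = (proto, port)
    return result


def audit(devices):
    """devices maps a device name to its configuration text; returns findings."""
    findings = []
    settings = {name: l4_health_check(text) for name, text in devices.items()}
    for name, setting in sorted(settings.items()):
        if setting is None:
            continue
        proto, port = setting
        if not 1 <= port <= 65535:
            findings.append(f"{name}: port {port} is outside 1 - 65535")
        elif proto == "udp" and port in UDP_UNSUPPORTED:
            findings.append(f"{name}: UDP port {port} is in the unsupported range 1033 - 2032")
    # Every ServerIron must end up with the same effective protocol and port.
    if len(set(settings.values())) > 1:
        summary = ", ".join(f"{n}={s}" for n, s in sorted(settings.items()))
        findings.append(f"Layer 4 health check parameters differ: {summary}")
    return findings


# Constructed sample configurations (device names are hypothetical).
MATCHING = {
    "SI-External": "ServerIron(config-tc-2)# fw-health-check udp",
    "SI-Internal": "ServerIron(config-tc-2)# fw-health-check udp 7777 10",
}
MISMATCHED = {
    "SI-External": "ServerIron(config-tc-2)# fw-health-check udp",
    "SI-Internal": "ServerIron(config-tc-2)# fw-health-check udp 1500",
}

if __name__ == "__main__":
    print(audit(MATCHING) or "no findings")
    for finding in audit(MISMATCHED):
        print(finding)
```

An omitted port and an explicit default port compare as equal, so "fw-health-check udp" on one device and "fw-health-check udp 7777 10" on the other pass the check.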
Adds a firewall to the firewall group for firewall load balancing.
NOTE: This command applies only to FWLB configurations and is not valid in TCS configurations.
EXAMPLE:
To add a firewall named FW99 to firewall group 2, enter the following commands:
ServerIron(config)# server fw-group 2
ServerIron(config-tc-2)# fw-name FW99
NOTE: The command prompt looks the same for cache groups and the firewall group. Make sure you enter the fw-group 2 command instead of the cache-group <num> command to reach the CLI prompt shown in this example.
Syntax: fw-name <string> <ip-addr>
Possible values: See above
Default value: N/A
Configures the ServerIron to load balance based on the lowest number of connections for the traffic flow’s application. By default, the ServerIron load balances firewall traffic flows by selecting the firewall with the lowest number of total connections.
NOTE: This command applies only to FWLB configurations and is not valid in TCS configurations.
For example, suppose a configuration has two firewalls (FW1 and FW2), and each firewall has two application ports defined (HTTP and SMTP). Also assume the following:
- FW1 has 10 HTTP connections and 80 SMTP connections.
- FW2 has 60 HTTP connections and 10 SMTP connections.
Using the default load balancing method, traffic for a new flow is load balanced to FW2, since this firewall has fewer total connections. This is true regardless of the application in the traffic. However, using the load balancing by application method, a new traffic flow carrying HTTP traffic is load balanced to FW1 instead of FW2, because FW1 has fewer HTTP connections. A new traffic flow for SMTP is load balanced to FW2, since FW2 has fewer SMTP connections.
EXAMPLE:
ServerIron(config-tc-2)# fw-predictor per-service-least-conn
Syntax: [no] fw-predictor total-least-conn | per-service-least-conn
The total-least-conn parameter load balances traffic based on the total number of connections only. This is the default.
The per-service-least-conn parameter load balances traffic based on the total number of connections for the traffic’s application. This is valid for TCP or UDP applications.
Possible values: See above
Default value: total-least-conn
This command defines how requests are distributed among multiple web cache servers or firewalls within a cache group or firewall group.
EXAMPLE:
To direct all web queries destined for the same web site (such as “www.rumors.com”) to the same cache server for processing, enter the following hash-mask command:
ServerIron(config-tc-1)# hash-mask 255.255.255.255 0.0.0.0
NOTE: This is useful for networks that have many users accessing the same web site locations. It may be more useful to use only the first three octets of the Destination IP address (255.255.255.0) for web sites that may return multiple web server addresses (for example “www.rumors1.com” and "www.rumors2.com") in response to www.rumors.com queries.
EXAMPLE:
To direct all users from the same Class B sub-net (255.255.0.0) to either server1 or server2 and to direct all redundant requests destined to the same web site (255.255.255.0) to the same web cache server, enter the following hash-mask command:
ServerIron(config-tc-1)# hash-mask 255.255.255.0 255.255.0.0
EXAMPLE:
To configure a hash mask for firewall load balancing, enter the following command:
ServerIron(config-tc-1)# hash-mask 255.255.255.255 255.255.255.255
NOTE: The command prompt looks the same for cache groups and the firewall group. Make sure you enter the fw-group 2 command instead of the cache-group <num> command to reach the CLI prompt shown in this example.
Syntax: hash-mask <destination-mask> <source-mask>
Possible values: valid IP addresses
Default value: destination mask 255.255.255.0, source mask 0.0.0.0.
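The effect of the mask pairs used in the examples above can be seen by grouping flows on their masked addresses. The following Python sketch is an added illustration, not Foundry code: it assumes each mask is ANDed with the matching address to form the hash input, it does not model the ServerIron's hash function itself, and the flow addresses are constructed.

```python
import ipaddress


def hash_key(dst, src, dst_mask, src_mask):
    """Return the (destination, source) pair left after applying the masks.

    Flows with the same key present identical input to the hash, so they
    are sent to the same cache server or firewall.
    """
    d = int(ipaddress.IPv4Address(dst)) & int(ipaddress.IPv4Address(dst_mask))
    s = int(ipaddress.IPv4Address(src)) & int(ipaddress.IPv4Address(src_mask))
    return (str(ipaddress.IPv4Address(d)), str(ipaddress.IPv4Address(s)))


def group_flows(flows, dst_mask, src_mask):
    """Group (dst, src) flows by masked key; one group per hash input."""
    groups = {}
    for dst, src in flows:
        key = hash_key(dst, src, dst_mask, src_mask)
        groups.setdefault(key, []).append((dst, src))
    return groups


# Constructed flows as (destination IP, source IP), documentation and
# private address ranges only.
FLOWS = [
    ("198.51.100.10", "10.1.1.5"),
    ("198.51.100.10", "10.1.200.9"),
    ("198.51.100.11", "10.1.1.5"),
    ("198.51.100.10", "10.2.3.4"),
]

# Mask pairs taken from the examples and the default value above.
MASK_PAIRS = [
    ("255.255.255.0", "0.0.0.0"),                # default
    ("255.255.255.255", "0.0.0.0"),              # same web site, same cache
    ("255.255.255.0", "255.255.0.0"),            # site /24 plus client Class B
    ("255.255.255.255", "255.255.255.255"),      # FWLB example
]

if __name__ == "__main__":
    for dst_mask, src_mask in MASK_PAIRS:
        groups = group_flows(FLOWS, dst_mask, src_mask)
        print(f"hash-mask {dst_mask} {src_mask}: {len(groups)} distinct hash inputs")
        for key, members in groups.items():
            print("   ", key, "<-", members)
```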
Specifies a range of TCP or UDP application port numbers for use in FWLB hashing calculations. This is useful in environments where the same source-and-destination pairs generate a lot of traffic and you want to load balance the traffic across more than one firewall.
NOTE: This command applies only to FWLB configurations and is not valid in TCS configurations.
By default, the FWLB hashing algorithm uses the source and destination IP addresses of a packet for hashing but disregards the source and destination TCP or UDP application port numbers.
NOTE: You also can specify a list of ports, in which case the software hashes based on the combined set of ports from the list and the range. If you specify both a list and a range of ports, the software uses the source and destination application ports of a packet to hash, if the packet’s source or destination application port is one of the ports in the specified list or the specified range.
EXAMPLE:
To specify a range of application ports, enter a command such as the following at the firewall group configuration level of the CLI:
ServerIron(config-tc-2)# hash-port-range 69 80
Syntax: [no] hash-port-range <start-num> <end-num>
The <start-num> parameter specifies the starting port number in the range. Specify the port number at the lower end of the range.
The <end-num> parameter specifies the ending port number in the range. Specify the port number at the higher end of the range.
Possible values: See above
Default value: N/A
Specifies a list of TCP or UDP application port numbers for use in FWLB hashing calculations. This is useful in environments where the same source-and-destination pairs generate a lot of traffic and you want to load balance the traffic across more than one firewall.
NOTE: This command applies only to FWLB configurations and is not valid in TCS configurations.
By default, the FWLB hashing algorithm uses the source and destination IP addresses of a packet for hashing but disregards the source and destination TCP or UDP application port numbers.
NOTE: You also can specify a range of ports, in which case the software hashes based on the combined set of ports from the list and the range. If you specify both a list and a range of ports, the software uses the source and destination application ports of a packet to hash, if the packet’s source or destination application port is one of the ports in the specified list or the specified range.
EXAMPLE:
To specify a list of TCP/UDP ports to include in the hash calculations for firewall load balancing:
ServerIron(config)# server fw-group 2
ServerIron(config-tc-2)# hash-ports 69 80
Syntax: [no] hash-ports <num> [<num...>]
Possible values: The <num> parameters specify TCP or UDP port numbers. You can specify up to eight port numbers on the same command line.
Default value: N/A
This command is used in conjunction with the Content Aware Cache Switching feature on the ServerIron. This command ensures that HTTP 1.0 requests that have a pragma:no-cache header and HTTP 1.1 requests that have a Cache-Control header containing a no-cache directive are sent to the Internet. This is the default behavior. You can use the no form of this command to configure the ServerIron to ignore the pragma:no-cache or Cache-Control header in an HTTP request.
EXAMPLE:
To configure the ServerIron to ignore the pragma:no-cache or Cache-Control header in an HTTP request:
ServerIron(config-tc-1)# no http-cache-control
Syntax: [no] http-cache-control
Possible values: N/A
Default value: HTTP 1.0 requests that have a pragma:no-cache header and HTTP 1.1 requests that have a Cache-Control header containing a no-cache directive are sent to the Internet.
Enables Layer 2 FWLB for Layer 2 firewalls and for static route configurations.
NOTE: This command applies only to FWLB configurations and is not valid in TCS configurations.
EXAMPLE:
To enable the L2-fwall option on a ServerIron, enter the following commands:
ServerIron(config)# server fw-group 2
ServerIron(config-tc-2)# l2-fwall
Syntax: l2-fwall
Possible values: N/A
Default value: Disabled
This command is used to disable other commands. To do so, place the word no before the command.
Causes requests to be dropped if a URL switching policy directs the requests to a server group, but none of the cache servers in the server group are available. Without this command, if none of the cache servers in a server group are available, the requests are directed to one of the other server groups configured on the device.
EXAMPLE:
ServerIron(config)# server cache-group 1
ServerIron(config-tc-1)# no-group-failover
ServerIron(config-tc-1)# exit
Syntax: no-group-failover
Possible values: N/A
Default value: N/A
Prevents the ServerIron from downgrading the HTTP version in a request to 1.0.
In a content aware cache switching configuration, when the ServerIron receives an HTTP request from a client, it determines to which cache server it should send the request. The ServerIron then establishes a TCP connection with the selected cache server and sends it the request.
If the request sent from the client to the ServerIron uses HTTP version 1.1, the ServerIron downgrades the HTTP version to 1.0 when it sends the request to the cache server. If you want to use HTTP 1.1 for the connection between the ServerIron and the cache servers, you can prevent the ServerIron from downgrading the HTTP version to 1.0.
EXAMPLE:
ServerIron(config)# server cache-group 1
ServerIron(config-vs-tc-1)# no-http-downgrade
ServerIron(config-vs-tc-1)# exit
Syntax: no-http-downgrade
Possible values: N/A
Default value: N/A
Specifies a path link tolerance for firewall paths. The default failover tolerance for firewall paths is one half the configured firewall paths.
NOTE: This command applies only to FWLB configurations and is not valid in TCS configurations.
NOTE: The minimum number of required paths must match on each ServerIron in an active-standby pair. For example, if you specify one router path and three firewall paths as the minimum on the active ServerIron, you must configure the same minimums on the standby ServerIron.
EXAMPLE:
To specify the minimum number of paths required on a ServerIron:
ServerIron(config)# server fw-group 2
ServerIron(config-tc-2)# prefer-cnt 3
This example specifies that a minimum of three firewall paths must be available for the ServerIron to remain active. Thus, if the ServerIron has three firewall paths, one path can be unavailable and the ServerIron will remain the active ServerIron.
Syntax: prefer-cnt <num>
Possible values: The <num> parameter specifies the minimum number of paths required.
Default value: half the configured paths
Specifies a path link tolerance for router paths. The default tolerance for router ports is one half the configured router ports.
NOTE: This command applies only to FWLB configurations and is not valid in TCS configurations.
NOTE: The minimum number of required paths must match on each ServerIron in an active-standby pair. For example, if you specify one router path and three firewall paths as the minimum on the active ServerIron, you must configure the same minimums on the standby ServerIron.
EXAMPLE:
To specify the minimum number of paths required on a ServerIron:
ServerIron(config)# server fw-group 2
ServerIron(config-tc-2)# prefer-router-cnt 3
This example specifies that a minimum of three router paths must be available for the ServerIron to remain active. Thus, if the ServerIron has three router paths, one path can be unavailable and the ServerIron will remain the active ServerIron.
Syntax: prefer-router-cnt <num>
Possible values: The <num> parameter specifies the minimum number of paths required.
Default value: half the configured router ports
This command returns you from any level of the CLI to the User EXEC mode.
EXAMPLE:
ServerIron(config-tc-1)# quit
ServerIron>
Syntax: quit
Possible values: N/A
Default value: N/A
This command configures the cache server to be remote. This covers the case where the cache server is not reachable from the ServerIron at Layer 2. This command applies only to cache servers and is not allowed to be configured under real servers.
EXAMPLE:
ServerIron(config)# server cache-name cache1 172.32.1.20
ServerIron(config-rs-cache1)# remote-cache
Syntax: remote-cache
Possible values: N/A
Default value: N/A
Displays the real and virtual server configuration information on a remote site ServerIron in the GSLB ServerIron’s CLI. The command also displays the session and CPU information used by the GSLB policy. You can view detailed configuration information and statistics for the site ServerIron, from the GSLB ServerIron’s management console. For more information, see the "Configuring Global Server Load Balancing" chapter in the Foundry ServerIron Installation and Configuration Guide.
Displays a variety of configuration and statistical information about the ServerIron. To see a description of the show commands, see "Show Commands".
Configures the ServerIron to support TCS using cache servers that send requests to the Internet using the requesting client's IP address as the source (known as cache server spoofing).
EXAMPLE:
ServerIron(config)# server cache-group 1
ServerIron(config-tc-1)# spoof-support
Syntax: [no] spoof-support
Possible values: N/A
Default value: Cache server spoofing support is disabled by default.
Configures the ServerIron to translate the source address of client requests the ServerIron forwards to cache servers. The ServerIron changes the address to a source IP address you have configured on the ServerIron.
Add source IP addresses and enable source NAT if the ServerIron and cache server are in different sub-nets. For information, see the "Configuring Network Address Translation" chapter of the Foundry ServerIron Installation and Configuration Guide.
EXAMPLE:
ServerIron(config-tc-1)# source-nat
Syntax: [no] source-nat
Possible values: N/A
Default value: Disabled
Specifies the priority of this ServerIron with respect to the other ServerIron for the firewalls in the firewall group. The ServerIron with the higher priority is the default active ServerIron for the firewalls within the group.
NOTE: This command applies only to FWLB configurations and is not valid in TCS configurations.
EXAMPLE:
SI-ActiveA(config)# server fw-group 2
SI-ActiveA(config-tc-2)# sym-priority 254
Syntax: sym-priority <priority>
Possible values: 0 – 255; setting the priority to 0 removes the priority setting from the configuration
Default value: N/A
This command is used in conjunction with the Content Aware Cache Switching feature on the ServerIron. This command causes HTTP requests for a specified host to be evaluated by a specified URL switching policy.
EXAMPLE:
To cause HTTP requests for www.mysite.com to be evaluated by policyA, enter the following command:
ServerIron(config-tc-1)# url-host-id www.mysite.com policyA
Syntax: url-host-id <host> <policy-name>
Possible values: Host name, URL switching policy name
Default value: N/A
This command is used in conjunction with the Content Aware Cache Switching feature on the ServerIron. This command specifies a URL switching policy to be active for this cache group. If you configure more than one URL switching policy, the policies must be linked together.
EXAMPLE:
To specify a URL switching policy to be active for a cache group:
ServerIron(config-tc-1)# url-map p1
Syntax: url-map <policy-name>
Possible values: URL switching policy name
Default value: N/A
Activates Content Aware Cache Switching for this cache group. You must have already defined the URL switching policies before entering this command.
EXAMPLE:
To activate Content Aware Cache Switching for a cache group:
ServerIron(config-tc-1)# url-switch
Syntax: url-switch
Possible values: N/A
Default value: N/A
This command configures the ServerIron for either of the following features:
- Policy-based Cache Failover. See the "Configuring Transparent Cache Switching" chapter in the Foundry ServerIron Installation and Configuration Guide.
- FWLB for VPN firewalls. See the Foundry ServerIron Firewall Load Balancing Guide.
EXAMPLE:
To add virtual IP address 209.157.22.26 to cache group 1, enter the following command:
ServerIron(config-tc-1)# virtual-ip 209.157.22.26
EXAMPLE:
To enable the VPN Load Balancing feature and specify the FireWall-1 Cluster IP address, enter the following commands. These commands apply to the ServerIron that is connected to the Internet side of the firewalls.
ServerIron(config)# server vpn-lb
ServerIron(config)# server fw-group 2
ServerIron(config-tc-2)# virtual-ip 10.10.1.10
Syntax: virtual-ip <ip-addr>
You do not need to enter a network mask.
Possible values: N/A
Default value: N/A
Saves the running-time configuration into the startup-config file.
EXAMPLE:
ServerIron(config-tc-1)# write memory
Syntax: write memory
Possible values: N/A
Default value: N/A
Displays the running-configuration of the ServerIron on the terminal screen.
EXAMPLE:
ServerIron(config-tc-1)# write terminal
Syntax: write terminal
Possible values: N/A
Default value: N/A