Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 USA
408.745.2000 1.888 JUNIPER
www.juniper.net
Radware AppDirector and Juniper Networks
Design Considerations
Radware AppDirector Products
Juniper Networks Infranet Controller (IC) Products
Juniper Networks Infranet Controller Overview
Radware AppDirector Overview
Radware AppDirector and Juniper Networks Infranet Controller Architecture
Radware Benefits for Juniper Networks Infranet Controller Solutions
Radware AppDirector and Juniper Networks Infranet Controller High Availability Interoperability Tests and Configurations
Tests Conducted for Solution Validation
Primary AppDirector Configuration
Initial Primary AppDirector Configuration
Farm Configuration
Layer 4 Policy Configuration
Client Network Address Translation Configuration
Adding Servers to the Farm
Health Monitoring Configuration
Binding Health Checks to Servers
Primary AppDirector VRRP Configuration
Backup AppDirector Configuration
Initial Backup AppDirector Configuration
Farm Configuration
Layer 4 Policy Configuration
Client Network Address Translation Configuration
Adding Servers to the Farm
Health Monitoring Configuration
Binding Health Checks to Servers
Summary
Appendix
High Availability Design Configurations
Primary Configuration from OnDemand Switch 2 Platform
Backup Configuration from OnDemand Switch 2 Platform
About Juniper Networks
List of Figures
Figure 1. Juniper Networks Unified Access Control
Controller (IC), a hardened policy management server that uses Juniper’s proven, best-in-class security and access control products. The Infranet Controller can push the UAC agent down to the endpoint to collect user authentication, endpoint security state, and device location information; or, alternatively, it can gather that same information in agentless mode.
As access networks grow and endpoints compete for both internal and external network access resources, the need remains to maintain response times and service availability, to help ensure the best quality of experience for the end user. AppDirector scales the Infranet Controller appliances and manages the health and user session state of Infranet Controller resources, dynamically protecting against session loss and ultimately insulating an access security layer service vital to the safety and successful access to network resources. Figure 1 shows a logical UAC topology including the Infranet Controller as the central policy enforcement manager.
Scope
This document is intended for end users and technical systems engineers who will be deploying a joint Juniper Networks Infranet Controller – Radware AppDirector solution. This guide provides detailed configuration and setup information for implementing the joint solution.
Design Considerations
Radware AppDirector Products
• Software: AppDirector Version 1.06.07
• Platform: AppDirector OnDemand Switch 2 (ODS 2)
• Performance: Throughput support from 1 to 4 Gbps with license-based upgrades. OnDemand Switch 2 supports 5 million simultaneous users with a default 2 GB of RAM or 8 million simultaneous users with 4 GB of RAM
Juniper Networks Infranet Controller (IC) Products
• Software: Release 2.1
• Platform: Juniper Networks IC 4000 and 6000
Figure 1. Juniper Networks Unified Access Control
[Figure: logical UAC topology. Labels: UAC Agent; IEEE 802.1X; Wireless Access Point; L2 Switch; EX Series; Firewalls; Enforcement Points; Infranet Controller (Central Policy Manager); AAA; AAA Servers; Identity Stores; Protected Resources. Flows: Endpoint Profiling, User Authentication, and Endpoint Policy; Dynamic Role Provisioning; User Admission to Network; User Access to Protected Resources.]
Juniper Networks Infranet Controller Overview
After user or device credentials have been submitted, the Infranet Controller implements a comprehensive AAA engine for seamless deployment into almost all popular AAA settings.
After the credentials have been validated and the endpoint security state established, the Infranet Controller creates and implements a dynamic access policy for each user and session and pushes that policy to enforcement points throughout the network. The enforcement points can include:
• Any vendor’s standards-compliant IEEE 802.1X–enabled switches or access points
• Any Juniper Networks firewall and VPN platform, including the Juniper Networks Integrated Services Gateway (ISG) with Intrusion Detection and Prevention (IDP) and the Juniper Networks Secure Services Gateway (SSG) secure routing platforms
• Both types of products for even greater granularity
The IC 6000 also integrates the RADIUS processing capabilities of Juniper Networks Steel-Belted Radius (SBR) servers, the de facto standard in RADIUS servers and appliances. This integration lets the IC 6000 support an IEEE 802.1X transaction over vendor-agnostic, IEEE 802.1X–enabled switches and access points when an endpoint attempts network access.
The IC 6000 is designed to address the needs of large enterprises, multinational organizations, and government agencies, with the capability to handle up to tens of thousands of concurrent endpoints. The IC 6000 includes a number of high-availability features, including a hot-swappable power supply and hard disk that are both field upgradeable. The IC 6000 can be deployed in multi-unit clusters to increase performance and provide additional scalability.
service-smart networking to ensure local and global server availability and accelerated application performance and safeguard services with integrated intrusion prevention and denial of service (DoS) protection for fast, reliable, secure service delivery.
AppDirector uses advanced Layer 4 through 7 policies and granular service intelligence, enabling end-to-end service-smart networking and aligning service infrastructure operations with service front-end requirements to eliminate traffic surges, infrastructure bottlenecks, connectivity disconnects, and downtime for assured service access and full-service continuity and redundancy.
AppDirector enables fine-tuning of service behavior at all critical points, end to end, based on granular service-specific classification of packets to optimize traffic flows for a wide range of services, including support for Hypertext Transfer Protocol (HTTP), HTTP over Secure Sockets Layer (HTTPS), Multipurpose Internet Mail Extensions (MIME), Real-Time Streaming Protocol (RTSP), Simple Mail Transfer Protocol (SMTP), voice over IP (VoIP; Session Initiation Protocol, or SIP), streaming media (Real-Time Transfer Protocol, or RTP), RADIUS, Diameter, and secure Lightweight Directory Access Protocol (LDAP) applications.
AppDirector lets you get the most out of your service investments by maximizing the utilization of service infrastructure resources and enabling seamless consolidation and high scalability. Make your network adaptive and more responsive to your dynamic services and business needs with AppDirector fully integrated traffic classification and flow management, health monitoring and failure bypassing, traffic redirection, bandwidth management, intrusion prevention, and DoS protection.
For more information, please visit http://www.radware.com/.
Radware AppDirector and Juniper Networks Infranet Controller Architecture
The AppDirector and Infranet Controller solution is designed to provide a highly scalable and highly available subsystem for deploying policy management infrastructure. The IC 6000 appliances are configured in an active-active cluster, with individual components queried for service availability by AppDirector. Using this important health monitoring information, AppDirector can calculate availability, and using existing load information, AppDirector can provide highly granular load distribution across Infranet Controller appliances. AppDirector maintains client sessions for persistency and works in conjunction with Infranet Controller state replication logic to ensure session survivability through Infranet Controller failover events. Together the two components help ensure zero loss of connectivity, offering a best-in-class solution. Figure 2 shows the high-availability architecture.
Figure 2. Infranet Controller and AppDirector Integration Topology
[Figure: high-availability topology. Main VIP: 10.0.0.10 (TCP 80, 443; UDP 1812-13, 1645-6). AppDirector_A: MGM 192.168.3.195/24, IP 10.0.0.3/24. AppDirector_B: MGM 192.168.3.196/24, IP 10.0.0.4/24. Switch 1: 10.0.0.5. Switch 2: 10.0.0.6. IC Cluster A: IC 6000 .12, .13, .14 (10.0.0.12-14). IC Cluster B: IC 6000 .22, .23, .24 (10.0.0.22-24). Other labels: Network, Switch, VRRP, STRM.]
Radware Benefits for Juniper Networks Infranet Controller Solutions
Juniper and Radware have conducted complete interoperability testing and developed integrated solutions using the Radware AppDirector and Juniper Networks Infranet Controller products. This strong interoperability and integration provides a solution that delivers industry-leading scalability, security, and performance for those deploying policy management (UAC) solutions.
Radware AppDirector and Juniper Networks Infranet Controller High Availability Interoperability Tests and Configurations
This section describes the interoperability tests performed and presents the steps for configuring AppDirector. There are separate configuration steps to be taken on the primary (active) and backup AppDirector devices, so the configuration discussion is divided into two parts: one for the primary device, and one for the backup device.
Test Case | Description
AppDirector: Virtual IP and service farm | Verify that the virtual IP address and service farm defined in the load balancer work as expected.
AppDirector: Dispatch algorithm | Verify that a new request follows the least connection policy (configured dispatch method).
AppDirector: Persistency or session affinity | Verify that the user agent connection stays with the same server and maintains the selected server throughout the life of a session.
AppDirector high availability: Master failover | Verify that the load balancer high-availability setting prevents a single point of failure (SPOF) and that VRRP fails over properly.
AppDirector high availability: Backup assuming master Virtual Router Redundancy Protocol (VRRP) role | Verify that the load balancer maintains a client’s sessions during a failover event. This validates the state replication logic between AppDirector controllers, ensuring session survivability through failover.
AppDirector high availability: Master failback | Verify that Infranet Controller clients maintain connectivity and that VRRP role exchange occurs as expected.
Infranet Controller cluster: Failover | Verify that AppDirector detects Infranet Controller failure and dynamically manages new requests and reconnections to the available Juniper Networks Secure Access (SA) appliances.
Infranet Controller cluster: New service | Verify that AppDirector detects new Infranet Controller service elements without affecting existing sessions.
Primary AppDirector Configuration
This section details the step-by-step AppDirector configuration process, using the Web-based management GUI, for creating the Juniper Networks Infranet Controller and Radware AppDirector high-availability subsystem. Refer to Figure 2 for topology and addressing information.
Initial Primary AppDirector Configuration
1. Using a serial cable and a terminal emulation program, connect to AppDirector.
The default console port settings are:
• Bits per Second: 19200
• Data Bits: 8
• Parity: None
• Stop Bits: 1
• Flow Control: None
2. Enter the following command to assign management IP address 192.168.3.195/24 to interface 17 (dedicated management interface) of AppDirector:
net ip-interface create 192.168.3.195 255.255.255.0 17
Note: Connectivity to AppDirector can be established at this time if the client resides on the same management subnet.
3. Enter the following command to assign IP address 10.0.0.3/24 to interface 1 (production traffic connectivity) of AppDirector:
4. Enter the following command to create a default gateway route entry on AppDirector pointing to 10.0.0.1:
net route table create 0.0.0.0 0.0.0.0 10.0.0.1 -i 1
5. Using a browser, connect to the management IP address of AppDirector (192.168.3.195) via HTTP or HTTPS. The default username and password are radware and radware. Failure to establish a connection may be due to the following:
• Incorrect IP address in the browser
• Incorrect IP address or default route configuration in AppDirector
• Failure to enable Web-based management or secure Web-based management in AppDirector
If AppDirector can be successfully pinged, attempt to connect to it via Telnet or SSH. If the pinging or the Telnet or SSH connection is unsuccessful, reconnect to AppDirector via its console port. After you are connected, verify and correct the AppDirector configuration as needed.
Farm Configuration
1. From the menu, choose AppDirector > Farms > Farm Table to display the Farm Table page.
2. Click the Create button.
3. On the Farm Table Create page, enter the necessary parameters as shown here.
4. Click the Set button to save the parameters.
5. Click the Create button.
7. Click the Set button to save parameters.
8. Click the Create button.
9. On the Farm Table Create page, enter the necessary parameters as shown here:
10. Click the Set button to save the parameters.
11. Verify that the new entry was created on the Farm Table page.
Layer 4 Policy Configuration
1. From the menu, choose AppDirector > Layer 4 Farm Selection > Layer 4 Policy Table to display the Layer 4 policy table.
Note: In the design presented here, three virtual IP addresses are used to represent three farms:
Virtual IP Farm Ports in Use
10.0.0.10 MainCluster TCP: 80, 443, 11122 UDP: 1645, 1646, 1812, 1813
10.0.0.11 ClusterA TCP: 80, 443, 11122 UDP: 1645, 1646, 1812, 1813
10.0.0.21 ClusterB TCP: 80, 443, 11122 UDP: 1645, 1646, 1812, 1813
When you specify port values in the Layer 4 policy table, an access list is automatically created for undefined values.
2. Click the Create button.
3. On the Layer 4 Policy Table Create page, enter the necessary parameters as shown here.
Note: This Layer 4 policy is for the main cluster HTTP traffic.
4. Click the Set button to save the parameters.
5. On the Layer 4 Policy Table page, click the Create button.
On the
Note: This Layer 4 policy is for main cluster HTTPS traffic.
7. Click the Set button to save the parameters.
8. On the Layer 4 Policy Table page, click the Create button.
9. On the Layer 4 Policy Table Create page, enter the necessary parameters as shown here.
Note: This Layer 4 policy is for main cluster Infranet Controller communication traffic.
10. Click the Set button to save the parameters.
11. On the Layer 4 Policy Table page, click the Create button.
On the
Note: This Layer 4 policy is for main cluster Infranet Controller communication traffic.
13. Click the Set button to save the parameters.
14. On the Layer 4 Policy Table page, click the Create button.
15. On the Layer 4 Policy Table Create page, enter the necessary parameters as shown here.
Note: This Layer 4 policy is for main cluster Infranet Controller communication traffic.
16. Click the Set button to save the parameters.
17. On the Layer 4 Policy Table page, click the Create button.
On the
Note: This Layer 4 policy is for main cluster Infranet Controller communication traffic.
19. Click the Set button to save the parameters.
20. On the Layer 4 Policy Table page, click the Create button.
21. On the Layer 4 Policy Table Create page, enter the necessary parameters as shown here.
Note: This Layer 4 policy is for main cluster Infranet Controller communication traffic.
22. Click the Set button to save the parameters.
23. Verify that the new entries were created on the Layer 4 Policy Table page; your table should be similar to
Note: Repeat the Layer 4 policy definition process shown at the beginning of this section for both Cluster A and Cluster B virtual IP and port definitions. The policy definition values are the same as for the main cluster, so you can use the command-line interface (CLI) configuration file statements for the Layer 4 policies created so far and the same logic, adding the clusters and changing the Layer 4 policy name, virtual IP, and farm name. The Layer 4 policy definitions created above can be seen in the appendix. The new Layer 4 policy statements can be appended to the existing configuration file by choosing File > Configuration > Send to Device.
Client Network Address Translation Configuration
1. From the menu, choose AppDirector > NAT > Client NAT to display the Client NAT Global Parameters page.
2. On the Client NAT Global Parameters page, change the parameters as shown here.
3. Click the Set button to save parameters.
4. Click the Client NAT Intercept Table hyperlink at the top of the configuration window.
5. Click the Create button.
On the
7. Click the Set button to save parameters.
8. Click the Client NAT Address Table hyperlink at the top of the configuration window.
9. Click the Create button.
10. On the Client NAT Address Table Create page, enter the necessary parameters as shown here.
11. Click the Set button to save the parameters.
12. From the menu, choose AppDirector > Farms > Farm Table to display the Farm Table page.
13. Click the Extended Farm Parameters hyperlink near the top of the page.
14. On the Extended Farm Parameters page, click the MainCluster farm name and enter the necessary parameters as shown here.
15. Click the Set button to save parameters.
16. On the Extended Farm Parameters page, click the ClusterA farm name and enter the necessary parameters as shown here.
Click the
18. On the Extended Farm Parameters page, click the ClusterB farm name and enter the necessary parameters as shown here.
19. Click the Set button to save the parameters.
Adding Servers to the Farm
1. From the menu, choose AppDirector > Servers > Application Servers to display the Server Table page.
2. On the Server Table page, click the Create button.
3. On the Server Table Create page, enter the necessary parameters as shown here.
4. Click the Set button to save the parameters.
5. Create the second server using the information shown here.
6. Click the Set button to save the parameters.
7. Create the third server using the information shown here.
Click the
9. Create the fourth server using the information shown here.
10. Click the Set button to save the parameters.
11. Create the fifth server using the information shown here.
Click the
14. Click the Set button to save the parameters.
Note: Repeat the server-to-farm mapping policy definitions for both Cluster A and Cluster B. Notice from the following mapping table that Cluster A and B have only half the servers defined for the main cluster. In the design presented here, three farms are mapped to six servers in the following way:
Farm Servers
MainCluster 12, 13, 14 and 22, 23, 24
ClusterA 12, 13, 14
ClusterB 22, 23, 24
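The mapping table above can be checked mechanically against a device's configuration file. The following Python check is an added example, not part of the original guide or of Radware's tooling; its input is the set of `appdirector farm server table create` statements from the primary configuration listing in this guide's appendix. It assumes that `-ba` names a server's backup server and that the backup should be another member of the same farm, which is the pattern the listing follows.

```python
"""Check AppDirector farm-server statements against the design table (added example)."""
from collections import defaultdict

# Design table from this guide: farm -> last octet of each member server.
EXPECTED = {
    "MainCluster": {12, 13, 14, 22, 23, 24},
    "ClusterA": {12, 13, 14},
    "ClusterB": {22, 23, 24},
}

PREFIX = ["appdirector", "farm", "server", "table", "create"]

# Statements from the primary configuration listing in this guide's appendix.
# The first keeps its line continuation; the rest are joined for brevity.
SAMPLE = r"""
appdirector farm server table create MainCluster 10.0.0.12 None -sn \
Server-12 -id 1 -rt 0.0.0.0 -cn Enabled -ba 10.0.0.13
appdirector farm server table create MainCluster 10.0.0.13 None -sn Server-13 -id 2 -rt 0.0.0.0 -cn Enabled -ba 10.0.0.14
appdirector farm server table create MainCluster 10.0.0.14 None -sn Server-14 -id 3 -rt 0.0.0.0 -cn Enabled -ba 10.0.0.22
appdirector farm server table create MainCluster 10.0.0.22 None -sn Server-22 -id 4 -rt 0.0.0.0 -cn Enabled -ba 10.0.0.23
appdirector farm server table create MainCluster 10.0.0.23 None -sn server-23 -id 5 -rt 0.0.0.0 -cn Enabled -ba 10.0.0.24
appdirector farm server table create MainCluster 10.0.0.24 None -sn Server-24 -id 6 -rt 0.0.0.0 -cn Enabled -ba 10.0.0.12
appdirector farm server table create ClusterA 10.0.0.12 None -sn Server-12 -id 7 -rt 0.0.0.0 -cn Enabled -ba 10.0.0.13
appdirector farm server table create ClusterA 10.0.0.13 None -sn Server-13 -id 8 -rt 0.0.0.0 -cn Enabled -ba 10.0.0.14
appdirector farm server table create ClusterA 10.0.0.14 None -sn Server-14 -id 9 -rt 0.0.0.0 -cn Enabled -ba 10.0.0.12
appdirector farm server table create ClusterB 10.0.0.22 None -sn Server-22 -id 10 -rt 0.0.0.0 -cn Enabled -ba 10.0.0.23
appdirector farm server table create ClusterB 10.0.0.23 None -sn server-23 -id 11 -rt 0.0.0.0 -cn Enabled -ba 10.0.0.24
appdirector farm server table create ClusterB 10.0.0.24 None -sn Server-24 -id 12 -rt 0.0.0.0 -cn Enabled -ba 10.0.0.22
"""


def parse_servers(text):
    """Return {farm: {server_ip: {flag: value}}} for every farm-server statement."""
    farms = defaultdict(dict)
    # A backslash in these listings is only a line-continuation marker.
    for line in text.replace("\\\n", " ").replace("\\", " ").splitlines():
        tok = line.split()
        if tok[:5] != PREFIX or len(tok) < 8:
            continue                      # some other statement or a blank line
        farm, ip = tok[5], tok[6]         # tok[7] is the literal "None" in the listing
        farms[farm][ip] = dict(zip(tok[8::2], tok[9::2]))   # -sn, -id, -rt, -cn, -ba
    return farms


def audit(farms, expected=EXPECTED):
    """Return a list of findings; an empty list means the statements are consistent."""
    findings, ids = [], {}
    for farm in sorted(set(expected) | set(farms)):
        servers = farms.get(farm, {})
        have = {int(ip.rsplit(".", 1)[1]) for ip in servers}
        want = expected.get(farm)
        if want is None:
            findings.append(f"{farm}: farm is not in the design table")
            want = have
        findings += [f"{farm}: server .{o} missing" for o in sorted(want - have)]
        findings += [f"{farm}: unexpected server .{o}" for o in sorted(have - want)]
        for ip, opts in servers.items():
            sid = opts.get("-id")
            if sid in ids:
                findings.append(f"{farm}: {ip} reuses id {sid} of {ids[sid]}")
            ids.setdefault(sid, f"{farm}/{ip}")
            backup = opts.get("-ba")
            # Assumption: the backup server must be a different member of this farm.
            if backup not in servers or backup == ip:
                findings.append(
                    f"{farm}: {ip} backup {backup} is not another member of the farm")
    return findings


if __name__ == "__main__":
    print(audit(parse_servers(SAMPLE)) or "farm/server statements match the design table")
```

The backup-membership check catches the typical copy error when MainCluster statements are reused for Cluster A: Server-14 keeps `-ba 10.0.0.22`, a server that exists only in MainCluster and Cluster B.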
Health Monitoring Configuration
1. From the menu, choose Health Monitoring > Global Parameters to display the Health Monitoring Global Parameters page.
2. On the Health Monitoring Global Parameters page, change the parameters as shown here.
Click the
4. From the menu, choose Health Monitoring > Check Table to display the Health Monitoring Check Table page.
5. To create the health monitoring check for the first server, click the Create button.
6. On the HM Check Table Create page, enter the necessary parameters as shown here.
7. Click the Set button to save the parameters.
8. To create the second health monitoring check for Server 12, click the Create button.
On the
13. Click the Set button to save the parameters.
14. Click the Create button.
15. On the HM Check Table Create page, enter the necessary parameters as shown here.
Click the
17. Click the Create button.
18. On the HM Check Table Create page, enter the necessary parameters as shown here.
19. Click the Set button to save the parameters.
20. Click the Create button.
21. On the HM Check Table Create page, enter the necessary parameters as shown here.
22. Click the Set button to save the parameters.
Note: Repeat the health check definitions for Servers 13, 14, 22, 23, and 24. The policy values for the individual service checks are the same as the Server 12 entries. You can also use the CLI configuration file statements for the health check policies created so far and the same logic, adding the servers and making changes to their IP and server names. The health check server definitions presented here can be seen in the primary configuration file in the appendix. The new server statements can be appended to the existing configuration file by choosing File > Configuration > Send to Device.
2. Click the Create button.
3. On the HM Binding Table Create page, enter the necessary parameters as shown here.
4. Click the Set button to save the parameters.
5. Click the Create button.
6. On the HM Binding Table Create page, enter the necessary parameters as shown here.
7. Click the Set button to save the parameters.
Verify that the new entry was created on the
Note: Repeat the health check binding definitions for all ports defined on all the remaining servers: Servers 12, 13, 14, 22, 23, and 24. Notice that each server port value maps to two farms according to the following table.
Farm Servers
MainCluster 12, 13, 14 and 22, 23, 24
ClusterA 12, 13, 14
ClusterB 22, 23, 24
The remaining health service check values for Server 12 follow the same binding logic as those created here, as do all port checks for Servers 13 and 14. Servers 22, 23, and 24 map to both the main cluster and Cluster B farms. You can also use the CLI configuration file statements for the health check policies created so far and the same logic, adding the check bindings by making changes to the check name and the logic farm and server mappings. The health check server definitions presented here can be seen in the primary configuration file in the appendix. The new server statements can be appended to the existing configuration file by choosing File > Configuration > Send to Device.
Primary AppDirector VRRP Configuration
Note: Radware offers two means of redundancy and failover between pairs of devices: proprietary and VRRP. Since VRRP is the more commonly used method within the industry, this section presents the steps to configure both AppDirector devices using that method.
1. From the menu, choose AppDirector > Redundancy > Global Configuration and set the parameters as shown here.
2. Click the Set button to save these changes.
Choose
6. Click the Set button to save the parameters. You should have a single entry in the Associated IP Addresses table, as shown here.
7. Create a second entry in the Associated IP Addresses table as shown here.
This is the main cluster virtual IP address.
8. Click the Set button to save the parameters.
Create another entry in the
This is the Cluster A virtual IP address.
10. Click the Set button to save the parameters.
11. Create another entry in the Associated IP Addresses table as shown here.
This is the Cluster B virtual IP address.
12. Click the Set button to save the parameters.
13. Create another entry in the Associated IP Addresses table as shown here.
This is the client NAT IP address.
14. Click the Set button to save the parameters. The Associated IP Addresses table should now contain five
16. Change Admin Status to up, but leave all other settings unchanged as shown here.
17. Click the Set button to save the parameters.
On the
19. Choose AppDirector > Redundancy > Mirroring > Active Device Parameters and set the Client Table Mirroring status to enable as shown here.
20. Click the Set button to save the parameters.
21. Choose AppDirector > Redundancy > Mirroring > Mirror Device Parameters and create a new entry as shown here.
This sets the backup AppDirector target address used for mirror traffic.
22. Click the Set button to save the parameters.
1. Using a serial cable and a terminal emulation program, connect to AppDirector.
The default console port settings are:
• Bits per Second: 19200
• Data Bits: 8
• Parity: None
• Stop Bits: 1
• Flow Control: None
2. Enter the following command to assign management IP address 192.168.3.196/24 to interface 17 (dedicated management interface) of AppDirector:
net ip-interface create 192.168.3.196 255.255.255.0 17
Note: Connectivity to AppDirector can be established at this time if the client resides on the same management subnet.
3. Enter the following command to assign IP address 10.0.0.4/24 to interface 1 (production traffic connectivity) of AppDirector:
net ip-interface create 10.0.0.4 255.255.255.0 1
4. Enter the following command to create a default gateway route entry on AppDirector pointing to 10.0.0.1:
net route table create 0.0.0.0 0.0.0.0 10.0.0.1 -i 1
5. Using a browser, connect to the management IP address of the backup AppDirector (192.168.3.196) via HTTP or HTTPS. The default username and password are radware and radware.
Farm Configuration
The farm configuration is identical to that for the primary AppDirector. Please refer to the corresponding section for specific instructions.
Layer 4 Policy Configuration
1. The Layer 4 policy configuration is the same as for the primary AppDirector with one exception: Each Layer 4 policy should be configured with a Redundancy Status value of Backup. Here is the additional switch value required on the primary AD L4 policy CLI statements if desired for upload.
Here is the original Layer 4 policy for the primary device:
appdirector l4-policy table create 10.0.0.10 TCP 80 0.0.0.0 MainVIP-80 \
-fn MainCluster -ta HTTP
To use the statement for the backup device, change it as shown here in bold:
appdirector l4-policy table create 10.0.0.10 TCP 80 0.0.0.0 MainVIP-80 \
-fn MainCluster -ta HTTP -rs Backup
Note: In the design presented here, three virtual IP addresses are used to represent three farms:
Virtual IP Farm Ports in Use
10.0.0.10 MainCluster TCP: 80, 443, 11122 UDP: 1645, 1646, 1812, 1813
10.0.0.11 ClusterA TCP: 80, 443, 11122 UDP: 1645, 1646, 1812, 1813
10.0.0.21 ClusterB TCP: 80, 443, 11122 UDP: 1645, 1646, 1812, 1813
When you specify port values in the Layer 4 policy table, an access list is automatically created for undefined values.
2. Please refer to the primary AppDirector Layer 4 policy configuration instructions, keeping in mind that redundancy mode must be changed to Backup. Here is an example of the first policy in Backup status: Choose AppDirector > Layer 4 Farm Selection > Layer 4 Policy Table and create a new entry as shown here.
Note: The redundancy status for this farm has been set to Backup.
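The two statement rewrites this guide describes (re-targeting a primary Layer 4 policy statement at Cluster A or Cluster B, and appending `-rs Backup` for the backup device) can be scripted and the two devices' statements then compared for drift. This Python code is an added example, not part of the original guide or of Radware's tooling. The policy names ClusterAVIP-80 and ClusterBVIP-80 are hypothetical, and the parser assumes option values contain no spaces.

```python
"""Derive and compare AppDirector Layer 4 policy statements (added example)."""

PREFIX = ["appdirector", "l4-policy", "table", "create"]

# Virtual IP -> farm, from the table in this guide.
FARMS = {"10.0.0.10": "MainCluster", "10.0.0.11": "ClusterA", "10.0.0.21": "ClusterB"}

# The primary-device statement printed in this guide, continuation joined.
PRIMARY_HTTP = ("appdirector l4-policy table create 10.0.0.10 TCP 80 0.0.0.0 "
                "MainVIP-80 -fn MainCluster -ta HTTP")


def parse(stmt):
    """Split a statement into its 5 positional fields and its -flag options.

    Positional order as printed in the guide: virtual IP, protocol, port,
    a fourth field (0.0.0.0 in the guide), policy name.
    Assumption: option values contain no spaces.
    """
    tok = stmt.replace("\\", " ").split()   # a backslash is only a line continuation
    if tok[:4] != PREFIX or len(tok) < 9 or len(tok[9:]) % 2:
        raise ValueError(f"not a Layer 4 policy statement: {stmt!r}")
    return tok[4:9], dict(zip(tok[9::2], tok[10::2]))


def render(pos, opts):
    """Rebuild a single-line statement from parsed fields."""
    flags = [part for item in opts.items() for part in item]
    return " ".join(PREFIX + pos + flags)


def for_farm(stmt, vip, name):
    """Re-target a statement at another farm: new virtual IP, policy name, farm."""
    pos, opts = parse(stmt)
    pos[0], pos[4] = vip, name
    opts["-fn"] = FARMS[vip]
    return render(pos, opts)


def to_backup(stmt):
    """Return the backup-device form of a statement (safe to apply twice)."""
    pos, opts = parse(stmt)
    opts["-rs"] = "Backup"
    return render(pos, opts)


def drift(primary, backup):
    """Compare two lists of statements; return findings, empty when in sync."""
    peers = {}
    for stmt in backup:
        pos, opts = parse(stmt)
        peers[tuple(pos[:3])] = (pos, opts)      # key: virtual IP, protocol, port
    findings = []
    for stmt in primary:
        pos, opts = parse(stmt)
        key = "/".join(pos[:3])
        peer = peers.get(tuple(pos[:3]))
        if peer is None:
            findings.append(f"{key}: missing on backup")
            continue
        b_pos, b_opts = peer
        if b_opts.get("-rs") != "Backup":
            findings.append(f"{key}: Redundancy Status is not Backup")
        rest = {k: v for k, v in b_opts.items() if k != "-rs"}
        mine = {k: v for k, v in opts.items() if k != "-rs"}
        if b_pos != pos or rest != mine:
            findings.append(f"{key}: differs from primary")
    return findings


if __name__ == "__main__":
    primary = [PRIMARY_HTTP,
               for_farm(PRIMARY_HTTP, "10.0.0.11", "ClusterAVIP-80"),   # hypothetical name
               for_farm(PRIMARY_HTTP, "10.0.0.21", "ClusterBVIP-80")]   # hypothetical name
    backup = [to_backup(s) for s in primary]
    backup[2] = primary[2]               # simulate a statement uploaded unchanged
    print("\n".join(backup))
    print(drift(primary, backup))
```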
Client Network Address Translation Configuration
The client NAT configuration is identical to that for the primary AppDirector. Please refer to the corresponding section for specific instructions.
Adding Servers to the Farm
The server table configuration is identical to that for the primary AppDirector. Please refer to the corresponding section for specific instructions.
Health Monitoring Configuration
The health monitoring and check table configurations are identical to those for the primary AppDirector. Please refer to the corresponding section for specific instructions.
Binding Health Checks to Servers
The health monitoring binding table configuration is identical to that for the primary AppDirector. Please refer to the corresponding section for specific instructions.
Backup AppDirector VRRP Configuration
1. On the Backup AppDirector, choose AppDirector > Redundancy > Global Configuration and change the
Note: The priority on the backup AppDirector is set to 100; on the primary device, this value was set to 255. The device with the higher priority will be the master of this virtual router.
4. Click the Set button to save the parameters.
5. Choose AppDirector > Redundancy > VRRP > Associated IP Addresses and create a new entry as shown here.
6. Create a second entry in the Associated IP Addresses table as shown here.
This is the main cluster virtual IP address.
7. Click the Set button to save the parameters.
8. Create another entry in the Associated IP Addresses table as shown here.
This is the Cluster A virtual IP address.
9. Click the Set button to save the parameters.
10. Create another entry in the Associated IP Addresses table as shown here.
This is the Cluster B virtual IP address.
11. Click the Set button to save the parameters.
12. Create another entry in the Associated IP Addresses table as shown here.
This is the client NAT IP address.
13. Click the Set button to save the parameters.
14. Choose AppDirector > Redundancy > VRRP > Virtual Routers and click the link to If Index F-1 as
16. Click the Set button to save the parameters.
17. Verify that the State setting for the backup device for this virtual router is backup as shown here.
18. Choose AppDirector > Redundancy > Mirroring > Backup Device Parameters and set the mirroring status to enable as shown here.
19. Click the Set button to save the parameters.
20. Choose AppDirector > Redundancy > Mirroring > Mirror Device Parameters and create a new entry as shown here.
This sets the primary AppDirector target address used for mirror traffic.
21. Click the Set button to save the parameters.
This concludes the configuration of the backup AppDirector and the local high-availability solution. See the appendix for the actual configurations.
Summary
As access networks grow and endpoints compete for both internal and external network access resources, enterprises need to maintain security, response times and service availability to ensure the best quality experience for end users. The Juniper Networks Infranet Controller-Radware AppDirector joint solution provides a highly available and scalable policy management service that does just that. The IC pushes the UAC agent down to the endpoint to collect user authentication, endpoint security state and device location information, or it can gather that same information in agentless mode. Radware AppDirector provides scalability and application-level security for service infrastructure optimization, fault tolerance and redundancy, ensuring local and global server availability and accelerated application performance while safeguarding services with integrated intrusion prevention and denial of service (DoS) protection. Together, the two components offer a best-in-class solution that helps enterprises get the most out of their infrastructure investments by maximizing the utilization and performance of their service resources.
!Device Configuration
!Date: 01-04-2008 22:53:46
!DeviceDescription: AppDirector Global !Base MAC Address: 00:03:b2:3d:38:c0
!Software Version: 1.06.07 (Build date Feb 13 2008, 23:50:02,Build#50) !APSolute OS Version: 10.31-01.01(26):2.06.06
!
manage snmp versions-after-reset set “v1 & v2c & v3” net ip-interface create 10.0.0.3 255.255.255.0 1 net ip-interface create 192.168.3.195 255.255.255.0 17 net route table create 0.0.0.0 0.0.0.0 10.0.0.1 -i 1 redundancy mode set VRRP
appdirector farm table setCreate MainCluster -as Enabled -dm “Fewest Number of Users” -cm “No Checks”
appdirector farm table setCreate ClusterA -as Enabled -dm “Fewest Number of Users” -cm “No Checks”
appdirector farm table setCreate ClusterB -as Enabled -dm “Fewest Number of Users” -cm “No Checks”
appdirector farm server table create MainCluster 10.0.0.12 None -sn \ Server-12 -id 1 -rt 0.0.0.0 -cn Enabled -ba 10.0.0.13
appdirector farm server table create MainCluster 10.0.0.13 None -sn \ Server-13 -id 2 -rt 0.0.0.0 -cn Enabled -ba 10.0.0.14
appdirector farm server table create MainCluster 10.0.0.14 None -sn \ Server-14 -id 3 -rt 0.0.0.0 -cn Enabled -ba 10.0.0.22
appdirector farm server table create MainCluster 10.0.0.22 None -sn \ Server-22 -id 4 -rt 0.0.0.0 -cn Enabled -ba 10.0.0.23
appdirector farm server table create MainCluster 10.0.0.23 None -sn \ server-23 -id 5 -rt 0.0.0.0 -cn Enabled -ba 10.0.0.24
appdirector farm server table create MainCluster 10.0.0.24 None -sn \ Server-24 -id 6 -rt 0.0.0.0 -cn Enabled -ba 10.0.0.12
appdirector farm server table create ClusterA 10.0.0.12 None -sn \ Server-12 -id 7 -rt 0.0.0.0 -cn Enabled -ba 10.0.0.13
appdirector farm server table create ClusterA 10.0.0.13 None -sn \ Server-13 -id 8 -rt 0.0.0.0 -cn Enabled -ba 10.0.0.14
appdirector farm server table create ClusterA 10.0.0.14 None -sn \ Server-14 -id 9 -rt 0.0.0.0 -cn Enabled -ba 10.0.0.12
appdirector farm server table create ClusterB 10.0.0.22 None -sn \ Server-22 -id 10 -rt 0.0.0.0 -cn Enabled -ba 10.0.0.23
appdirector farm server table create ClusterB 10.0.0.23 None -sn \ server-23 -id 11 -rt 0.0.0.0 -cn Enabled -ba 10.0.0.24
appdirector farm server table create ClusterB 10.0.0.24 None -sn \ Server-24 -id 12 -rt 0.0.0.0 -cn Enabled -ba 10.0.0.22
redundancy interface-group set enable
redundancy mirror main client-status set enable
redundancy backup-in-vlan set disable
redundancy backup-fake-arp set enable
appdirector farm connectivity-check httpcode setCreate MainCluster \ “200 - OK”
appdirector farm connectivity-check httpcode setCreate ClusterA \ “200 - OK”
appdirector farm connectivity-check httpcode setCreate ClusterB \ “200 - OK”
net next-hop-router setCreate 10.0.0.1 -fl 1
appdirector farm nhr setCreate 0.0.0.0 -ip 10.0.0.1 -fl 1
appdirector farm extended-params set MainCluster -nr 10.0.0.2
appdirector farm extended-params set ClusterA -nr 10.0.0.2
appdirector farm extended-params set ClusterB -nr 10.0.0.2
appdirector nat client address-range setCreate 10.0.0.2 -t 10.0.0.2
appdirector nat client range-to-nat setCreate 0.0.0.0 -t 255.255.255.255
redundancy backup-interface-group set enable
appdirector segmentation nhr-table setCreate DefaultNHR -ip 10.0.0.1 -fl \ 1
appdirector l4-policy table create 10.0.0.10 TCP 80 0.0.0.0 MainVIP-80 \ -fn MainCluster -ta HTTP
appdirector l4-policy table create 10.0.0.10 TCP 443 0.0.0.0 MainVIP-443 \ -fn MainCluster -ta HTTPS
appdirector l4-policy table create 10.0.0.10 TCP 11122 0.0.0.0 \ MainVIP-11122 -fn MainCluster
appdirector l4-policy table create 10.0.0.10 UDP 1812 0.0.0.0 \ MainVIP-1812 -fn MainCluster
appdirector l4-policy table create 10.0.0.10 UDP 1813 0.0.0.0 \ MainVIP-1813 -fn MainCluster
appdirector l4-policy table create 10.0.0.10 UDP 1645 0.0.0.0 \ MainVIP-1645 -fn MainCluster
appdirector l4-policy table create 10.0.0.10 UDP 1646 0.0.0.0 \ MainVIP-1646 -fn MainCluster
appdirector l4-policy table create 10.0.0.11 TCP 11122 0.0.0.0 \ ClusterAVIP-11122 -fn ClusterA
appdirector l4-policy table create 10.0.0.11 UDP 1812 0.0.0.0 \ ClusterAVIP-1812 -fn ClusterA
appdirector l4-policy table create 10.0.0.11 UDP 1813 0.0.0.0 \ ClusterAVIP-1813 -fn ClusterA
appdirector l4-policy table create 10.0.0.11 UDP 1645 0.0.0.0 \ ClusterAVIP-1645 -fn ClusterA
appdirector l4-policy table create 10.0.0.11 UDP 1646 0.0.0.0 \ ClusterAVIP-1646 -fn ClusterA
appdirector l4-policy table create 10.0.0.21 TCP 80 0.0.0.0 \ ClusterBVIP-80 -fn ClusterB -ta HTTP
appdirector l4-policy table create 10.0.0.21 TCP 443 0.0.0.0 \ ClusterBVIP-443 -fn ClusterB -ta HTTPS
appdirector l4-policy table create 10.0.0.21 TCP 11122 0.0.0.0 \ ClusterBVIP-11122 -fn ClusterB
appdirector l4-policy table create 10.0.0.21 UDP 1812 0.0.0.0 \ ClusterBVIP-1812 -fn ClusterB
appdirector l4-policy table create 10.0.0.21 UDP 1813 0.0.0.0 \ ClusterBVIP-1813 -fn ClusterB
appdirector l4-policy table create 10.0.0.21 UDP 1645 0.0.0.0 \ ClusterBVIP-1645 -fn ClusterB
appdirector l4-policy table create 10.0.0.21 UDP 1646 0.0.0.0 \ ClusterBVIP-1646 -fn ClusterB
appdirector farm dns-persistency-params set MainCluster -gm 0.0.0.0
appdirector farm dns-persistency-params set ClusterA -gm 0.0.0.0
appdirector farm dns-persistency-params set ClusterB -gm 0.0.0.0
redundancy vrrp automated-config-update set Enabled
health-monitoring check create Server12-TCP-80 -id 1 -m “TCP Port” -p 80 \ -i 5 -r 3 -t 3 -d 10.0.0.12
health-monitoring check create Server12-SSL-443 -id 2 -m “SSL Hello” -p \ 443 -i 5 -r 3 -t 3 -d 10.0.0.12
health-monitoring check create Server12-TCP-11122 -id 3 -m “TCP Port” -p \ 11122 -i 5 -r 3 -t 3 -d 10.0.0.12
health-monitoring check create Server12-Ping-1812 -id 4 -p 1812 -i 5 -r \ 3 -t 3 -d 10.0.0.12
health-monitoring check create Server12-Ping-1813 -id 5 -p 1813 -i 5 -r \ 3 -t 3 -d 10.0.0.12
health-monitoring check create Server12-Ping-1645 -id 6 -p 1646 -i 5 -r \ 3 -t 3 -d 10.0.0.12
health-monitoring check create Server12-Ping-1646 -id 7 -p 1646 -i 5 -r \ 3 -t 3 -d 10.0.0.12
health-monitoring check create Server13-TCP-80 -id 8 -m “TCP Port” -p 80 \ -i 5 -r 3 -t 3 -d 10.0.0.13
health-monitoring check create Server13-SSL-443 -id 9 -m “SSL Hello” -p \ 443 -i 5 -r 3 -t 3 -d 10.0.0.13
health-monitoring check create Server13-TCP-11122 -id 10 -m “TCP Port” \ -p 11122 -i 5 -r 3 -t 3 -d 10.0.0.13
health-monitoring check create Server13-Ping-1812 -id 11 -p 1812 -i 5 -r \ 3 -t 3 -d 10.0.0.13
health-monitoring check create Server13-Ping-1813 -id 12 -p 1813 -i 5 -r \ 3 -t 3 -d 10.0.0.13
health-monitoring check create Server13-Ping-1645 -id 13 -p 1646 -i 5 -r \ 3 -t 3 -d 10.0.0.13
health-monitoring check create Server13-Ping-1646 -id 14 -p 1646 -i 5 -r \ 3 -t 3 -d 10.0.0.13
health-monitoring check create Server14-TCP-80 -id 15 -m “TCP Port” -p \ 80 -i 5 -r 3 -t 3 -d 10.0.0.14
health-monitoring check create Server14-SSL-443 -id 16 -m “SSL Hello” -p \ 443 -i 5 -r 3 -t 3 -d 10.0.0.14
health-monitoring check create Server14-TCP-11122 -id 17 -m “TCP Port” \ -p 11122 -i 5 -r 3 -t 3 -d 10.0.0.14
health-monitoring check create Server14-Ping-1812 -id 18 -p 1812 -i 5 -r \ 3 -t 3 -d 10.0.0.14
health-monitoring check create Server14-Ping-1813 -id 19 -p 1813 -i 5 -r \ 3 -t 3 -d 10.0.0.14
health-monitoring check create Server14-Ping-1645 -id 20 -p 1646 -i 5 -r \ 3 -t 3 -d 10.0.0.14
health-monitoring check create Server14-Ping-1646 -id 21 -p 1646 -i 5 -r \ 3 -t 3 -d 10.0.0.14
health-monitoring check create Server22-TCP-80 -id 22 -m “TCP Port” -p \ 80 -i 5 -r 3 -t 3 -d 10.0.0.22
health-monitoring check create Server22-SSL-443 -id 23 -m “SSL Hello” -p \ 443 -i 5 -r 3 -t 3 -d 10.0.0.22
health-monitoring check create Server22-Ping-1813 -id 26 -p 1813 -i 5 -r \ 3 -t 3 -d 10.0.0.22
health-monitoring check create Server22-Ping-1645 -id 27 -p 1646 -i 5 -r \ 3 -t 3 -d 10.0.0.22
health-monitoring check create Server22-Ping-1646 -id 28 -p 1646 -i 5 -r \ 3 -t 3 -d 10.0.0.22
health-monitoring check create Server23-TCP-80 -id 29 -m “TCP Port” -p \ 80 -i 5 -r 3 -t 3 -d 10.0.0.23
health-monitoring check create Server23-SSL-443 -id 30 -m “SSL Hello” -p \ 443 -i 5 -r 3 -t 3 -d 10.0.0.23
health-monitoring check create Server23-TCP-11122 -id 31 -m “TCP Port” \ -p 11122 -i 5 -r 3 -t 3 -d 10.0.0.23
health-monitoring check create Server23-Ping-1812 -id 32 -p 1812 -i 5 -r \ 3 -t 3 -d 10.0.0.23
health-monitoring check create Server23-Ping-1813 -id 33 -p 1813 -i 5 -r \ 3 -t 3 -d 10.0.0.23
health-monitoring check create Server23-Ping-1645 -id 34 -p 1646 -i 5 -r \ 3 -t 3 -d 10.0.0.23
health-monitoring check create Server23-Ping-1646 -id 35 -p 1646 -i 5 -r \ 3 -t 3 -d 10.0.0.23
health-monitoring check create Server24-TCP-80 -id 36 -m “TCP Port” -p \ 80 -i 5 -r 3 -t 3 -d 10.0.0.24
health-monitoring check create Server24-SSL-443 -id 37 -m “SSL Hello” -p \ 443 -i 5 -r 3 -t 3 -d 10.0.0.24
health-monitoring check create Server24-TCP-11122 -id 38 -m “TCP Port” \ -p 11122 -i 5 -r 3 -t 3 -d 10.0.0.24
health-monitoring check create Server24-Ping-1812 -id 39 -p 1812 -i 5 -r \ 3 -t 3 -d 10.0.0.24
health-monitoring check create Server24-Ping-1813 -id 40 -p 1813 -i 5 -r \ 3 -t 3 -d 10.0.0.24
health-monitoring check create Server24-Ping-1645 -id 41 -p 1646 -i 5 -r \ 3 -t 3 -d 10.0.0.24
health-monitoring check create Server24-Ping-1646 -id 42 -p 1646 -i 5 -r \ 3 -t 3 -d 10.0.0.24
health-monitoring binding create 2 1
health-monitoring binding create 3 1
health-monitoring binding create 4 1
health-monitoring binding create 5 1
health-monitoring binding create 6 1
health-monitoring binding create 7 1
health-monitoring binding create 8 2
health-monitoring binding create 9 2
health-monitoring binding create 10 2
health-monitoring binding create 11 2
health-monitoring binding create 12 2
health-monitoring binding create 13 2
health-monitoring binding create 14 2
health-monitoring binding create 15 3
health-monitoring binding create 16 3
health-monitoring binding create 17 3
health-monitoring binding create 18 3
health-monitoring binding create 19 3
health-monitoring binding create 20 3
health-monitoring binding create 21 3
health-monitoring binding create 22 4
health-monitoring binding create 23 4
health-monitoring binding create 24 4
health-monitoring binding create 25 4
health-monitoring binding create 26 4
health-monitoring binding create 27 4
health-monitoring binding create 28 4
health-monitoring binding create 29 5
health-monitoring binding create 30 5
health-monitoring binding create 31 5
health-monitoring binding create 32 5
health-monitoring binding create 33 5
health-monitoring binding create 34 5
health-monitoring binding create 35 5
health-monitoring binding create 36 6
health-monitoring binding create 37 6
health-monitoring binding create 38 6
health-monitoring binding create 39 6
health-monitoring binding create 40 6
health-monitoring binding create 3 7
health-monitoring binding create 4 7
health-monitoring binding create 5 7
health-monitoring binding create 6 7
health-monitoring binding create 7 7
health-monitoring binding create 8 8
health-monitoring binding create 9 8
health-monitoring binding create 10 8
health-monitoring binding create 11 8
health-monitoring binding create 12 8
health-monitoring binding create 13 8
health-monitoring binding create 14 8
health-monitoring binding create 15 9
health-monitoring binding create 16 9
health-monitoring binding create 17 9
health-monitoring binding create 18 9
health-monitoring binding create 19 9
health-monitoring binding create 20 9
health-monitoring binding create 21 9
health-monitoring binding create 22 10
health-monitoring binding create 23 10
health-monitoring binding create 24 10
health-monitoring binding create 25 10
health-monitoring binding create 26 10
health-monitoring binding create 27 10
health-monitoring binding create 28 10
health-monitoring binding create 29 11
health-monitoring binding create 30 11
health-monitoring binding create 31 11
health-monitoring binding create 32 11
health-monitoring binding create 33 11
health-monitoring binding create 34 11
health-monitoring binding create 35 11
health-monitoring binding create 36 12
health-monitoring binding create 37 12
health-monitoring binding create 38 12
health-monitoring binding create 39 12
health-monitoring binding create 40 12
health-monitoring binding create 41 12
health-monitoring binding create 42 12
health-monitoring status set enable
redundancy vrrp virtual-routers create 1 1 -as up -p 255 -pip 10.0.0.3
redundancy vrrp associated-ip create 1 1 10.0.0.10
redundancy vrrp associated-ip create 1 1 10.0.0.3
redundancy vrrp associated-ip create 1 1 10.0.0.11
redundancy vrrp associated-ip create 1 1 10.0.0.21
redundancy vrrp associated-ip create 1 1 10.0.0.2
manage user table create radware -pw GndridF04zNWSGOrZjKFV78REiEra/Qm
manage telnet status set enable
manage telnet server-port set 23
manage web status set enable
manage ssh status set enable
manage secure-web status set enable
redundancy arp-interface-group set Send
net l2-interface set 100001 -ad up
redundancy vrrp global-advertise-int set 0
manage snmp groups create SNMPv1 public -gn initial
manage snmp groups create SNMPv1 ReadOnlySecurity -gn InitialReadOnly
manage snmp groups create SNMPv2c public -gn initial
manage snmp groups create SNMPv2c ReadOnlySecurity -gn InitialReadOnly
manage snmp groups create UserBased radware -gn initial
manage snmp groups create UserBased ReadOnlySecurity -gn InitialReadOnly
manage snmp access create initial SNMPv1 noAuthNoPriv -rvn iso -wvn iso \ -nvn iso
manage snmp access create InitialReadOnly SNMPv1 noAuthNoPriv -rvn \ ReadOnlyView
manage snmp access create initial SNMPv2c noAuthNoPriv -rvn iso -wvn iso \ -nvn iso
manage snmp access create InitialReadOnly SNMPv2c noAuthNoPriv -rvn \ ReadOnlyView
manage snmp access create initial UserBased authPriv -rvn iso -wvn iso \ -nvn iso
manage snmp access create InitialReadOnly UserBased authPriv -rvn \ ReadOnlyView
manage snmp views create ReadOnlyView 1.3.6.1.6.3.15.1.2.2 -cm excluded
manage snmp views create ReadOnlyView 1.3.6.1.4.1.89.35.1.61 -cm \ excluded
manage snmp views create ReadOnlyView 1.3.6.1.6.3.16.1.2 -cm excluded
manage snmp views create ReadOnlyView 1.3.6.1.6.3.16.1.4 -cm excluded
manage snmp views create ReadOnlyView 1.3.6.1.6.3.16.1.5 -cm excluded
manage snmp notify create allTraps -ta v3Traps
manage snmp users create radware -cf 0.0 -ap MD5 -akc \ 27b3b471956b14d758029658921e092e -pp DES -pkc \
27b3b471956b14d758029658921e092e
manage snmp target-address create v3MngStations -tl v3Traps -p \ radware-authPriv
manage snmp target-parameters create public-v1 -d SNMPv1 -sm SNMPv1 -sn \ public -sl noAuthNoPriv
manage snmp target-parameters create public-v2 -d SNMPv2c -sm SNMPv2c \ -sn public -sl noAuthNoPriv
manage snmp target-parameters create radware-authPriv -d SNMPv3 -sm \ UserBased -sn radware -sl authPriv
manage snmp community create public -n public -sn public
manage telnet session-timeout set 120
manage telnet auth-timeout set 30
appdirector global connectivity-check tcp-timeout set 3
!File Signature: 5e329021c901f95404673d9fce626311
Backup Configuration from OnDemand Switch 2 Platform
!Device Configuration
!Date: 01-04-2008 22:53:46
!DeviceDescription: AppDirector Global
!Base MAC Address: 00:03:b2:3d:38:c0
!Software Version: 1.06.07 (Build date Feb 13 2008, 23:50:02,Build#50)
!APSolute OS Version: 10.31-01.01(26):2.06.06
!
net ip-interface create 10.0.0.4 255.255.255.0 1
net ip-interface create 192.168.3.196 255.255.255.0 17
net route table create 0.0.0.0 0.0.0.0 10.0.0.1 -i 1
redundancy mode set VRRP
appdirector farm table setCreate MainCluster -as Enabled -dm “Fewest Number of Users” -cm “No Checks”
appdirector farm table setCreate ClusterA -as Enabled -dm “Fewest Number of Users” -cm “No Checks”
appdirector farm table setCreate ClusterB -as Enabled -dm “Fewest Number of Users” -cm “No Checks”
appdirector farm server table create MainCluster 10.0.0.12 None -sn \ Server-12 -id 1 -rt 0.0.0.0 -cn Enabled -ba 10.0.0.13
appdirector farm server table create MainCluster 10.0.0.13 None -sn \ Server-13 -id 2 -rt 0.0.0.0 -cn Enabled -ba 10.0.0.14
appdirector farm server table create MainCluster 10.0.0.14 None -sn \ Server-14 -id 3 -rt 0.0.0.0 -cn Enabled -ba 10.0.0.22
appdirector farm server table create MainCluster 10.0.0.22 None -sn \ Server-22 -id 4 -rt 0.0.0.0 -cn Enabled -ba 10.0.0.23
appdirector farm server table create MainCluster 10.0.0.23 None -sn \ server-23 -id 5 -rt 0.0.0.0 -cn Enabled -ba 10.0.0.24
appdirector farm server table create MainCluster 10.0.0.24 None -sn \ Server-24 -id 6 -rt 0.0.0.0 -cn Enabled -ba 10.0.0.12
appdirector farm server table create ClusterA 10.0.0.12 None -sn \ Server-12 -id 7 -rt 0.0.0.0 -cn Enabled -ba 10.0.0.13
appdirector farm server table create ClusterA 10.0.0.13 None -sn \ Server-13 -id 8 -rt 0.0.0.0 -cn Enabled -ba 10.0.0.14
appdirector farm server table create ClusterA 10.0.0.14 None -sn \ Server-14 -id 9 -rt 0.0.0.0 -cn Enabled -ba 10.0.0.12
appdirector farm server table create ClusterB 10.0.0.22 None -sn \ Server-22 -id 10 -rt 0.0.0.0 -cn Enabled -ba 10.0.0.23
appdirector farm server table create ClusterB 10.0.0.23 None -sn \ server-23 -id 11 -rt 0.0.0.0 -cn Enabled -ba 10.0.0.24
appdirector farm server table create ClusterB 10.0.0.24 None -sn \ Server-24 -id 12 -rt 0.0.0.0 -cn Enabled -ba 10.0.0.22
redundancy interface-group set enable
redundancy mirror backup status set enable
redundancy mirror address setCreate 10.0.0.3
redundancy backup-fake-arp set enable
appdirector farm connectivity-check httpcode setCreate MainCluster \ “200 - OK”
net next-hop-router setCreate 10.0.0.1 -fl 1
appdirector farm nhr setCreate 0.0.0.0 -ip 10.0.0.1 -fl 1
appdirector farm extended-params set MainCluster -nr 10.0.0.2
appdirector farm extended-params set ClusterA -nr 10.0.0.2
appdirector farm extended-params set ClusterB -nr 10.0.0.2
appdirector nat client address-range setCreate 10.0.0.2 -t 10.0.0.2
appdirector nat client range-to-nat setCreate 0.0.0.0 -t 255.255.255.255
redundancy backup-interface-group set enable
appdirector segmentation nhr-table setCreate DefaultNHR -ip 10.0.0.1 -fl \ 1
appdirector l4-policy table create 10.0.0.10 TCP 80 0.0.0.0 MainVIP-80 \ -fn MainCluster -ta HTTP -rs Backup
appdirector l4-policy table create 10.0.0.10 TCP 443 0.0.0.0 MainVIP-443 \ -fn MainCluster -ta HTTPS -rs Backup
appdirector l4-policy table create 10.0.0.10 TCP 11122 0.0.0.0 \ MainVIP-11122 -fn MainCluster -rs Backup
appdirector l4-policy table create 10.0.0.10 UDP 1812 0.0.0.0 \ MainVIP-1812 -fn MainCluster -rs Backup
appdirector l4-policy table create 10.0.0.10 UDP 1813 0.0.0.0 \ MainVIP-1813 -fn MainCluster -rs Backup
appdirector l4-policy table create 10.0.0.10 UDP 1645 0.0.0.0 \ MainVIP-1645 -fn MainCluster -rs Backup
appdirector l4-policy table create 10.0.0.10 UDP 1646 0.0.0.0 \ MainVIP-1646 -fn MainCluster -rs Backup
appdirector l4-policy table create 10.0.0.11 TCP 80 0.0.0.0 \ ClusterAVIP-80 -fn ClusterA -ta HTTP -rs Backup
appdirector l4-policy table create 10.0.0.11 TCP 443 0.0.0.0 \ ClusterAVIP-443 -fn ClusterA -ta HTTPS -rs Backup
appdirector l4-policy table create 10.0.0.11 TCP 11122 0.0.0.0 \ ClusterAVIP-11122 -fn ClusterA -rs Backup
appdirector l4-policy table create 10.0.0.11 UDP 1812 0.0.0.0 \ ClusterAVIP-1812 -fn ClusterA -rs Backup
appdirector l4-policy table create 10.0.0.11 UDP 1813 0.0.0.0 \ ClusterAVIP-1813 -fn ClusterA -rs Backup
appdirector l4-policy table create 10.0.0.11 UDP 1645 0.0.0.0 \ ClusterAVIP-1645 -fn ClusterA -rs Backup
appdirector l4-policy table create 10.0.0.11 UDP 1646 0.0.0.0 \ ClusterAVIP-1646 -fn ClusterA -rs Backup
appdirector l4-policy table create 10.0.0.21 TCP 80 0.0.0.0 \ ClusterBVIP-80 -fn ClusterB -ta HTTP -rs Backup
appdirector l4-policy table create 10.0.0.21 TCP 443 0.0.0.0 \ ClusterBVIP-443 -fn ClusterB -ta HTTPS -rs Backup
appdirector l4-policy table create 10.0.0.21 TCP 11122 0.0.0.0 \ ClusterBVIP-11122 -fn ClusterB -rs Backup
appdirector l4-policy table create 10.0.0.21 UDP 1812 0.0.0.0 \ ClusterBVIP-1812 -fn ClusterB -rs Backup
appdirector l4-policy table create 10.0.0.21 UDP 1813 0.0.0.0 \ ClusterBVIP-1813 -fn ClusterB -rs Backup
appdirector l4-policy table create 10.0.0.21 UDP 1645 0.0.0.0 \ ClusterBVIP-1645 -fn ClusterB -rs Backup
appdirector l4-policy table create 10.0.0.21 UDP 1646 0.0.0.0 \ ClusterBVIP-1646 -fn ClusterB -rs Backup
appdirector farm dns-persistency-params set MainCluster -gm 0.0.0.0
appdirector farm dns-persistency-params set ClusterA -gm 0.0.0.0
appdirector farm dns-persistency-params set ClusterB -gm 0.0.0.0
redundancy vrrp automated-config-update set Enabled
health-monitoring check create Server12-TCP-80 -id 1 -m “TCP Port” -p 80 \ -i 5 -r 3 -t 3 -d 10.0.0.12
health-monitoring check create Server12-SSL-443 -id 2 -m “SSL Hello” -p \ 443 -i 5 -r 3 -t 3 -d 10.0.0.12
health-monitoring check create Server12-TCP-11122 -id 3 -m “TCP Port” -p \ 11122 -i 5 -r 3 -t 3 -d 10.0.0.12
health-monitoring check create Server12-Ping-1812 -id 4 -p 1812 -i 5 -r \ 3 -t 3 -d 10.0.0.12
health-monitoring check create Server12-Ping-1813 -id 5 -p 1813 -i 5 -r \ 3 -t 3 -d 10.0.0.12
health-monitoring check create Server12-Ping-1645 -id 6 -p 1646 -i 5 -r \ 3 -t 3 -d 10.0.0.12
health-monitoring check create Server12-Ping-1646 -id 7 -p 1646 -i 5 -r \ 3 -t 3 -d 10.0.0.12
health-monitoring check create Server13-TCP-80 -id 8 -m “TCP Port” -p 80 \ -i 5 -r 3 -t 3 -d 10.0.0.13
health-monitoring check create Server13-SSL-443 -id 9 -m “SSL Hello” -p \ 443 -i 5 -r 3 -t 3 -d 10.0.0.13
health-monitoring check create Server13-TCP-11122 -id 10 -m “TCP Port” \ -p 11122 -i 5 -r 3 -t 3 -d 10.0.0.13
health-monitoring check create Server13-Ping-1645 -id 13 -p 1646 -i 5 -r \ 3 -t 3 -d 10.0.0.13
health-monitoring check create Server13-Ping-1646 -id 14 -p 1646 -i 5 -r \ 3 -t 3 -d 10.0.0.13
health-monitoring check create Server14-TCP-80 -id 15 -m “TCP Port” -p \ 80 -i 5 -r 3 -t 3 -d 10.0.0.14
health-monitoring check create Server14-SSL-443 -id 16 -m “SSL Hello” -p \ 443 -i 5 -r 3 -t 3 -d 10.0.0.14
health-monitoring check create Server14-TCP-11122 -id 17 -m “TCP Port” \ -p 11122 -i 5 -r 3 -t 3 -d 10.0.0.14
health-monitoring check create Server14-Ping-1812 -id 18 -p 1812 -i 5 -r \ 3 -t 3 -d 10.0.0.14
health-monitoring check create Server14-Ping-1813 -id 19 -p 1813 -i 5 -r \ 3 -t 3 -d 10.0.0.14
health-monitoring check create Server14-Ping-1645 -id 20 -p 1646 -i 5 -r \ 3 -t 3 -d 10.0.0.14
health-monitoring check create Server14-Ping-1646 -id 21 -p 1646 -i 5 -r \ 3 -t 3 -d 10.0.0.14
health-monitoring check create Server22-TCP-80 -id 22 -m “TCP Port” -p \ 80 -i 5 -r 3 -t 3 -d 10.0.0.22
health-monitoring check create Server22-SSL-443 -id 23 -m “SSL Hello” -p \ 443 -i 5 -r 3 -t 3 -d 10.0.0.22
health-monitoring check create Server22-TCP-11122 -id 24 -m “TCP Port” \ -p 11122 -i 5 -r 3 -t 3 -d 10.0.0.22
health-monitoring check create Server22-Ping-1812 -id 25 -p 1812 -i 5 -r \ 3 -t 3 -d 10.0.0.22
health-monitoring check create Server22-Ping-1813 -id 26 -p 1813 -i 5 -r \ 3 -t 3 -d 10.0.0.22
health-monitoring check create Server22-Ping-1645 -id 27 -p 1646 -i 5 -r \ 3 -t 3 -d 10.0.0.22
health-monitoring check create Server22-Ping-1646 -id 28 -p 1646 -i 5 -r \ 3 -t 3 -d 10.0.0.22
health-monitoring check create Server23-TCP-80 -id 29 -m “TCP Port” -p \ 80 -i 5 -r 3 -t 3 -d 10.0.0.23
health-monitoring check create Server23-SSL-443 -id 30 -m “SSL Hello” -p \ 443 -i 5 -r 3 -t 3 -d 10.0.0.23
health-monitoring check create Server23-TCP-11122 -id 31 -m “TCP Port” \ -p 11122 -i 5 -r 3 -t 3 -d 10.0.0.23
health-monitoring check create Server23-Ping-1812 -id 32 -p 1812 -i 5 -r \ 3 -t 3 -d 10.0.0.23
health-monitoring check create Server23-Ping-1813 -id 33 -p 1813 -i 5 -r \ 3 -t 3 -d 10.0.0.23
health-monitoring check create Server23-Ping-1645 -id 34 -p 1646 -i 5 -r \ 3 -t 3 -d 10.0.0.23
health-monitoring check create Server23-Ping-1646 -id 35 -p 1646 -i 5 -r \ 3 -t 3 -d 10.0.0.23
health-monitoring check create Server24-TCP-80 -id 36 -m “TCP Port” -p \ 80 -i 5 -r 3 -t 3 -d 10.0.0.24
health-monitoring check create Server24-SSL-443 -id 37 -m “SSL Hello” -p \ 443 -i 5 -r 3 -t 3 -d 10.0.0.24
health-monitoring check create Server24-TCP-11122 -id 38 -m “TCP Port” \ -p 11122 -i 5 -r 3 -t 3 -d 10.0.0.24
health-monitoring check create Server24-Ping-1812 -id 39 -p 1812 -i 5 -r \ 3 -t 3 -d 10.0.0.24
health-monitoring check create Server24-Ping-1813 -id 40 -p 1813 -i 5 -r \ 3 -t 3 -d 10.0.0.24
health-monitoring check create Server24-Ping-1645 -id 41 -p 1646 -i 5 -r \ 3 -t 3 -d 10.0.0.24
health-monitoring check create Server24-Ping-1646 -id 42 -p 1646 -i 5 -r \ 3 -t 3 -d 10.0.0.24
health-monitoring binding create 1 1
health-monitoring binding create 2 1
health-monitoring binding create 3 1
health-monitoring binding create 4 1
health-monitoring binding create 5 1
health-monitoring binding create 6 1
health-monitoring binding create 7 1
health-monitoring binding create 8 2
health-monitoring binding create 9 2
health-monitoring binding create 10 2
health-monitoring binding create 11 2
health-monitoring binding create 12 2
health-monitoring binding create 13 2
health-monitoring binding create 14 2
health-monitoring binding create 15 3
health-monitoring binding create 16 3
health-monitoring binding create 21 3
health-monitoring binding create 22 4
health-monitoring binding create 23 4
health-monitoring binding create 24 4
health-monitoring binding create 25 4
health-monitoring binding create 26 4
health-monitoring binding create 27 4
health-monitoring binding create 28 4
health-monitoring binding create 29 5
health-monitoring binding create 30 5
health-monitoring binding create 31 5
health-monitoring binding create 32 5
health-monitoring binding create 33 5
health-monitoring binding create 34 5
health-monitoring binding create 35 5
health-monitoring binding create 36 6
health-monitoring binding create 37 6
health-monitoring binding create 38 6
health-monitoring binding create 39 6
health-monitoring binding create 40 6
health-monitoring binding create 41 6
health-monitoring binding create 42 6
health-monitoring binding create 1 7
health-monitoring binding create 2 7
health-monitoring binding create 3 7
health-monitoring binding create 4 7
health-monitoring binding create 5 7
health-monitoring binding create 6 7
health-monitoring binding create 7 7
health-monitoring binding create 8 8
health-monitoring binding create 9 8
health-monitoring binding create 10 8
health-monitoring binding create 11 8
health-monitoring binding create 12 8
health-monitoring binding create 13 8
health-monitoring binding create 14 8
health-monitoring binding create 15 9
health-monitoring binding create 16 9
health-monitoring binding create 17 9
health-monitoring binding create 18 9
health-monitoring binding create 19 9
health-monitoring binding create 20 9
health-monitoring binding create 21 9
health-monitoring binding create 22 10
health-monitoring binding create 23 10
health-monitoring binding create 24 10
health-monitoring binding create 25 10
health-monitoring binding create 26 10
health-monitoring binding create 27 10
health-monitoring binding create 28 10
health-monitoring binding create 29 11
health-monitoring binding create 30 11
health-monitoring binding create 31 11
health-monitoring binding create 32 11
health-monitoring binding create 33 11
health-monitoring binding create 34 11
health-monitoring binding create 35 11
health-monitoring binding create 36 12
health-monitoring binding create 37 12
health-monitoring binding create 38 12
health-monitoring binding create 39 12
health-monitoring binding create 40 12
health-monitoring binding create 41 12
health-monitoring binding create 42 12
health-monitoring status set enable
redundancy vrrp virtual-routers create 1 1 -as up -p 100 -pip 10.0.0.4
redundancy vrrp associated-ip create 1 1 10.0.0.10
redundancy vrrp associated-ip create 1 1 10.0.0.3
redundancy vrrp associated-ip create 1 1 10.0.0.11
redundancy vrrp associated-ip create 1 1 10.0.0.21
redundancy vrrp associated-ip create 1 1 10.0.0.2
manage user table create radware -pw GndridF04zNWSGOrZjKFV78REiEra/Qm
manage telnet status set enable
net l2-interface set 100001 -ad up
manage terminal prompt set AppDirector_B
manage snmp groups create SNMPv1 public -gn initial
manage snmp groups create SNMPv1 ReadOnlySecurity -gn InitialReadOnly
manage snmp groups create SNMPv2c public -gn initial
manage snmp groups create SNMPv2c ReadOnlySecurity -gn InitialReadOnly
manage snmp groups create UserBased radware -gn initial
manage snmp groups create UserBased ReadOnlySecurity -gn InitialReadOnly
manage snmp access create initial SNMPv1 noAuthNoPriv -rvn iso -wvn iso \ -nvn iso
manage snmp access create InitialReadOnly SNMPv1 noAuthNoPriv -rvn \ ReadOnlyView
manage snmp access create initial SNMPv2c noAuthNoPriv -rvn iso -wvn iso \ -nvn iso
manage snmp access create InitialReadOnly SNMPv2c noAuthNoPriv -rvn \ ReadOnlyView
manage snmp access create initial UserBased authPriv -rvn iso -wvn iso \ -nvn iso
manage snmp access create InitialReadOnly UserBased authPriv -rvn \ ReadOnlyView
manage snmp views create iso 1
manage snmp views create ReadOnlyView 1
manage snmp views create ReadOnlyView 1.3.6.1.4.1.89.2.7.2 -cm excluded
manage snmp views create ReadOnlyView 1.3.6.1.6.3.18.1.1 -cm excluded
manage snmp views create ReadOnlyView 1.3.6.1.6.3.15.1.2.2 -cm excluded
manage snmp views create ReadOnlyView 1.3.6.1.4.1.89.35.1.61 -cm \ excluded
manage snmp views create ReadOnlyView 1.3.6.1.6.3.16.1.2 -cm excluded
manage snmp views create ReadOnlyView 1.3.6.1.6.3.16.1.4 -cm excluded
manage snmp views create ReadOnlyView 1.3.6.1.6.3.16.1.5 -cm excluded
manage snmp notify create allTraps -ta v3Traps
manage snmp users create radware -cf 0.0 -ap MD5 -akc \ 27b3b471956b14d758029658921e092e -pp DES -pkc \
27b3b471956b14d758029658921e092e
manage snmp target-address create v3MngStations -tl v3Traps -p \ radware-authPriv
manage snmp target-parameters create public-v1 -d SNMPv1 -sm SNMPv1 -sn \ public -sl noAuthNoPriv
manage snmp target-parameters create public-v2 -d SNMPv2c -sm SNMPv2c \ -sn public -sl noAuthNoPriv
manage snmp target-parameters create radware-authPriv -d SNMPv3 -sm \ UserBased -sn radware -sl authPriv
manage snmp community create public -n public -sn public
manage telnet session-timeout set 120
manage telnet auth-timeout set 30
appdirector global connectivity-check tcp-timeout set 3
!File Signature: 5e329021c901f95404673d9fce626311
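A consistency lint for exports like the two listings above, as an added example (not part of the original document and not a Radware or Juniper tool). It assumes that `health-monitoring binding create X Y` binds check id X to server id Y, which is how the ids line up in the listings; the finding names and the embedded sample are this example's own.

```python
import re

# Constructed sample in the command forms of the appendix, with the same
# layout damage (stray continuation backslashes, curly quotes, fused commands).
# The Server12-Ping-1645 line is copied from the listing; bindings "8 1" and
# "9 2" are constructed to show the cross-reference checks firing.
SAMPLE = r"""
appdirector farm server table create MainCluster 10.0.0.12 None -sn \ Server-12 -id 1 -rt 0.0.0.0 -cn Enabled -ba 10.0.0.13
appdirector farm server table create MainCluster 10.0.0.13 None -sn \ Server-13 -id 2 -rt 0.0.0.0 -cn Enabled -ba 10.0.0.14
health-monitoring check create Server12-TCP-80 -id 1 -m “TCP Port” -p 80 \ -i 5 -r 3 -t 3 -d 10.0.0.12
health-monitoring check create Server12-Ping-1645 -id 6 -p 1646 -i 5 -r \ 3 -t 3 -d 10.0.0.12
health-monitoring check create Server12-Ping-1646 -id 7 -p 1646 -i 5 -r \ 3 -t 3 -d 10.0.0.12
health-monitoring check create Server13-TCP-80 -id 8 -m “TCP Port” -p 80 \ -i 5 -r 3 -t 3 -d 10.0.0.13
health-monitoring binding create 1 1 health-monitoring binding create 6 1 health-monitoring binding create 7 1 health-monitoring binding create 8 1 health-monitoring binding create 9 2
manage telnet status set enable
manage snmp access create initial SNMPv1 noAuthNoPriv -rvn iso -wvn iso \ -nvn iso
manage snmp access create InitialReadOnly SNMPv1 noAuthNoPriv -rvn \ ReadOnlyView
manage snmp access create initial UserBased authPriv -rvn iso -wvn iso \ -nvn iso
"""

CHECK = re.compile(r'health-monitoring check create (\S+) -id (\d+)'
                   r'(?: -m "[^"]*")? -p (\d+)(?: -[irt] \d+)* -d (\S+)')
BINDING = re.compile(r"health-monitoring binding create (\d+) (\d+)")
SERVER = re.compile(r"appdirector farm server table create (\S+) (\S+) \S+"
                    r" -sn (\S+) -id (\d+)")
SNMP_ACCESS = re.compile(r"manage snmp access create (\S+) (\S+) (\S+)"
                         r"((?: -[rwn]vn \S+)*)")


def normalise(text):
    """Drop continuation backslashes, straighten quotes, collapse whitespace.

    The result is one long line, so commands fused together on the page and
    commands split across lines are matched the same way.
    """
    text = text.replace("\\", " ").replace("“", '"').replace("”", '"')
    return re.sub(r"\s+", " ", text)


def audit(config_text):
    """Return a list of (finding, detail) tuples for one configuration export."""
    text = normalise(config_text)
    findings = []

    servers = {}  # server id -> address
    for _farm, addr, _name, sid in SERVER.findall(text):
        servers[int(sid)] = addr

    checks = {}  # check id -> (name, port, probed address)
    for name, cid, port, target in CHECK.findall(text):
        checks[int(cid)] = (name, int(port), target)
        named = re.search(r"-(\d+)$", name)  # port the name promises
        if named and int(named.group(1)) != int(port):
            findings.append(("check-port-mismatch",
                             f"{name} (id {cid}) probes port {port}"))

    bound = set()
    for cid, sid in BINDING.findall(text):
        cid, sid = int(cid), int(sid)
        bound.add(cid)
        if cid not in checks:
            findings.append(("binding-undefined-check",
                             f"check {cid} -> server {sid}"))
        elif sid not in servers:
            findings.append(("binding-undefined-server",
                             f"check {cid} -> server {sid}"))
        elif checks[cid][2] != servers[sid]:
            findings.append(("binding-target-mismatch",
                             f"check {cid} probes {checks[cid][2]}, "
                             f"server {sid} is {servers[sid]}"))
    for cid in sorted(set(checks) - bound):
        findings.append(("check-unbound", f"{checks[cid][0]} (id {cid})"))

    # Management plane: cleartext telnet, and SNMP groups that get a write
    # view without authentication.
    if "manage telnet status set enable" in text:
        findings.append(("telnet-enabled", "management over cleartext telnet"))
    for group, model, level, views in SNMP_ACCESS.findall(text):
        write_view = re.search(r"-wvn (\S+)", views)
        if level == "noAuthNoPriv" and write_view:
            findings.append(("snmp-unauthenticated-write",
                             f"group {group} ({model}) write view "
                             f"{write_view.group(1)}"))
    return findings


if __name__ == "__main__":
    for kind, detail in audit(SAMPLE):
        print(f"{kind:28} {detail}")
```

Run against each unit's export separately; a check or binding reported on one unit and not the other indicates the pair has drifted apart.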
Copyright 2008 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, JUNOS, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. JUNOSe is a trademark of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.