Cisco Systems OL-5650-02 Configuring an IP Static Route for a Firewall

5-5

Cisco Content Services Switch Security Configuration Guide

OL-5650-02

Chapter5 Configuring Firewall Load Balancing

Configuring FWLB

Use the ip firewall timeout number command to specify the number of seconds

the CSS will wait to receive a keepalive message from the remote CSS before

declaring the firewall unreachable.The timeout range is 3 to 16 seconds. The

default is 3 seconds.

Note The amount of time required for a firewall path to become available is unaffected

by this command; it remains at three seconds.

For example, to set a timeout of 16 enter:

(config)# ip firewall timeout 16

To reset the firewall timeout to the default value of three seconds, enter:

(config)# no ip firewall timeout

Configuring an IP Static Route for a Firewall

To configure a static route for firewalls, use the ip route... firewall command.

You can optionally set the administrative distance for the IP route.

Note You must define the firewall index before you define the firewall static route or

the CSS will return an error message. To configure the firewall index, see the ip

firewall command.

The syntax for this command is:

ip route ip_address subnet_mask firewall index distance

The variables are:

•ip_address - The destination network address. Enter the IP address in

dotted-decimal notation (for example, 192.168.11.1).

•subnet_mask - The IP subnet mask. Enter the mask in either:

–

CIDR bitcount notation (for example, /24). Do not enter a space to

separate the IP address from the prefix length.

–

Dotted-decimal notation (for example, 255.255.255.0).