Application Delivery (ADX)

Occasional Contributor
Posts: 6
Registered: ‎01-17-2011

I have some questions about ADX1000 How to protect my network

Hello everyone.

We need to protect our network from DDoS attack( especially web-service in DMZ).

We have some different servers (WEB) so balancing we will not use.

Now we use Cisco ASA5540 with module SSM-20 to protect our network.

But the last time during syn flood attack cisco was overload.

So we want to use Brocade before Cisco.

INTERNET--->Brocade---->Cisco---->Our network.

Is that a good idea?

Brocade ADX 1000 works with switch code!

There is outside interface on the Cisco has Internet address

Here I can't understand, how to use virtual/real servers in that case.

In my opinion Brocade in switch mode must not have any ip address for virtual/real servers.

Maybe I don't understand working Brocade in switch mode (with switch code)

Can someone explain this to me in brief? or give me a brief instruction

For example, I use eth1 for external network, eth2 for internal network (on Brocade)

Best regards, Vladimir.

Posts: 24
Registered: ‎11-03-2010

Re: I have some questions about ADX1000 How to protect my network

Hi Vladimir,

I would not propose to use a ADX in front of a firewall. ADX is for loadbalancing and ASA is for security. Only if you want to balance lots of ASAs with ADX and build a Firewall Sandwich.

The ASA has many feature to mitigate attacks. Search for >Preventing Network Attacks with ASA<.

There is also a special feature in ASA specialized for DDOS attacks called Botnet Traffic Filter. There's a good white paper about that called 'Combating Botnets Using the Cisco ASA Botnet Traffic Filter' at


Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.