HP VPN Firewall Appliances Network Management Configuration Guide
343
Summary Count : 1
Destination/Mask Proto Pre Cost NextHop Interface
120.1.1.0/24 Static 65 0 10.1.1.100 GE1/2
Static Routing table Status : < Inactive>
Summary Count : 1
Destination/Mask Proto Pre Cost NextHop Interface
120.1.1.0/24 Static 60 0 12.1.1.2 GE1/1
The output shows that Firewall A communicates with Firewall B through Router.
BFD for static routes configuration example (indirect next hop)
The following matrix shows the configuration example and hardware compatibility:
Hardware Com
p
atibilit
y
F1000-A-EI/F1000-S-EI No
F1000-E No
F5000 Yes
F5000-S/F5000-C No
VPN firewall modules No
20-Gbps VPN firewall modules No
Network requirements
In Figure 243, Firewall A has a route to interface Loopback 1 (2.2.2.9/32) on Firewall B, with the output
interface GigabitEthernet 1/1. Firewall B has a route to interface Loopback 1 (1.1.1.9/32) on Firewall A,
with the output interface GigabitEthernet 1/1. Router D has a route to 1.1.1.9/32, with the output interface
GigabitEthernet 1/1, and a route to 2.2.2.9/32, with the output interface GigabitEthernet 1/2.
Configure a static route to subnet 120.1.1.0/24 on Firewall A, and configure a static route to subnet
121.1.1.0 / 24 o n Fi re wa l l B . E n ab l e B F D f o r b ot h r o ut e s . Co n f ig u r e a s t a t i c ro u t e t o s u b n e t 12 0 .1.1.0 / 24
and a static route to subnet 121.1.1.0/24 on both Router A and Router B. When the link between Firewall
A and Router B through Router B fails, BFD can detect the failure immediately and inform Firewall A and
Firewall B to communicate through Router A.