F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices High Availability Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

181

182

183

184

185

186

187

188

189

190

177

374BConfiguration procedure

1. Configure IP addresses:

615HFigure 81 to configure the IP address and subnet mask for each interface. (Details not

shown.)

2. Configure a static route:

# On Firewall A, configure a static route to the segment 192.168.2.0/24 where Host B resides.

<FirewallA> system-view

[FirewallA] ip route-static 192.168.2.0 24 gigabitethernet 0/1 1.1.1.2

[FirewallA] ip route-static 192.168.2.0 24 gigabitethernet 0/2 2.2.2.2

[FirewallA] ip route-static 192.168.2.0 24 gigabitethernet 0/3 3.3.3.2

# On Firewall B, configure a static route to the segment 192.168.1.0/24 where Host A resides.

<FirewallB> system-view

[FirewallB] ip route-static 192.168.1.0 24 gigabitethernet 0/1 1.1.1.1

[FirewallB] ip route-static 192.168.1.0 24 gigabitethernet 0/2 2.2.2.1

[FirewallB] ip route-static 192.168.1.0 24 gigabitethernet 0/3 3.3.3.1

3. Configure the standby interfaces and switchover delays on Firewall A:

# Specify interfaces GigabitEthernet 0/2 and GigabitEthernet 0/3 on Router A to back up

GigabitEthernet 0/1, and assign them the priorities 30 and 20, respectively.

[FirewallA] interface gigabitethernet 0/1

[FirewallA-GigabitEthernet0/1] standby interface gigabitethernet 0/2 30

[FirewallA-GigabitEthernet0/1] standby interface gigabitethernet 0/3 20

# Configure switchover delays to 10 seconds.

[FirewallA-GigabitEthernet0/1] standby timer delay 10 10

4. Verify the configuration on Firewall A:

# Display the state of the active and standby interfaces.

[FirewallA-GigabitEthernet0/1] display standby state

Interface Interfacestate Standbystate Standbyflag Pri Loadstate

GigabitEthernet0/1 UP MUP MU

GigabitEthernet0/2 STANDBY STANDBY BU 30

GigabitEthernet0/3 STANDBY STANDBY BU 20

Backup-flag meaning:

M---MAIN B---BACKUP V---MOVED U---USED

D---LOAD P---PULLED

# Manually shut down the active interface GigabitEthernet 0/1.

[FirewallA-GigabitEthernet0/1] shutdown

# 10 seconds after the active interface was shut down, standby interface GigabitEthernet 0/2 with

a higher priority is enabled. Then you can view the state of the active and standby interfaces.

[RouterA-GigabitEthernet0/1] display standby state

Interface Interfacestate Standbystate Standbyflag Pri Loadstate

GigabitEthernet0/1 DOWN MDOWN MU

GigabitEthernet0/2 UP UP BU 30

GigabitEthernet0/3 STANDBY STANDBY BU 20

Backup-flag meaning:

M---MAIN B---BACKUP V---MOVED U---USED