Manualshelf

F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices High Availability Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
61626364656667686970
59
Task Remarks
Service module related configurations
Optional.
A device providing NAT, ALG, or blacklist services
automatically backs up related information to the backup
device after the configurations take effect.
109BEnabling stateful failover
When you enable stateful failover with the dhbk enable backup-type { dissymmetric-path |
symmetric-path } command, one of the following happens:
If you specify the dissymmetric-path keyword, the two devices operate in active/active mode.
Sessions enter and leave the internal network through different devices to achieve load sharing.
If you specify the symmetric-path keyword, the two devices operate in active/standby mode.
Sessions enter and leave the internal network through one device.
Select a keyword based on the network environment and resources, and specify the same keyword for
both devices.
To enable stateful failover:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enable stateful failover in a
specified mode.
dhbk enable backup-type
{ dissymmetric-path |
symmetric-path }
Disabled by default.
110BEnabling automatic configuration synchronization
To implement service backup between two devices (A and B, for example), make sure the service status,
service data, and service configurations on the two devices are consistent. You can enable automatic
configuration synchronization on A and use the default configuration on B. After that, A automatically
synchronizes configurations of the service modules that support stateful failover to B in real time.
To enable automatic configuration synchronization:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enable the local device to
perform automatic
configuration synchronization
to the peer.
dhbk configuration-backup master
[ synchronization ]
By default, a device only receives
backup configuration from the
peer.
If the synchronization keyword is
specified, the local device
automatically synchronizes
configurations of the service
modules that support stateful
failover to the peer. If the
synchronization keyword is not
specified, automatic
synchronization is not performed.