F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices High Availability Configuration Guide-6PW100
Network requirements
• As shown in Figure 37, configure Host A to access Host B on the Internet. The default gateway of
Host A is 10.1.1.10/24.
• Firewall A and Firewall B belong to VRRP group 1, which has the virtual IP address 10.1.1.10.
• When Firewall A works normally, packets from Host A to Host B are forwarded through Firewall A.
When NQA detects a fault on the uplink of Firewall A, packets from Host A to Host B are
forwarded through Firewall B.
Figure 37 Network diagram
Configuration procedure
1. Configure the IP address of each interface as shown in Figure 37. (Details not shown.)
2. Configure an NQA test group on Firewall A:
# Create an NQA test group with the administrator name admin and the operation tag test.
<FirewallA> system-view
[FirewallA] nqa entry admin test
# Configure the test type as ICMP echo test.
[FirewallA-nqa-admin-test] type icmp-echo
# Configure the destination address as 10.1.2.2.
[FirewallA-nqa-admin-test-icmp-echo] destination ip 10.1.2.2
# Configure the interval between two consecutive tests as 100 milliseconds.
[FirewallA-nqa-admin-test-icmp-echo] frequency 100
# Create reaction entry 1, specifying that five consecutive probe failures trigger the track module.
[FirewallA-nqa-admin-test-icmp-echo] reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only
[FirewallA-nqa-admin-test-icmp-echo] quit
# Start the NQA test.
[FirewallA] nqa schedule admin test start-time now lifetime forever
3. Configure a track entry on Firewall A:
# Configure track entry 1, and associate it with reaction entry 1 of the NQA test group (with the
administrator admin, and the operation tag test).
[FirewallA] track 1 nqa entry admin test reaction 1