Manualshelf

F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices High Availability Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
81828384858687888990
81
295BNetwork requirements
As shown in 519HFigure 39, Firewall A and Firewall B belong to VRRP group 1, whose virtual IP address
is 192.168.0.10.
The default gateway of the hosts in the LAN is 192.168.0.10.
When Firewall A works normally, hosts in the LAN access the external network through Firewall A.
When Firewall A detects that the uplink is down through BFD, it decreases its priority so that Firewall
B can preempt as the master, ensuring that the hosts in the LAN can access the external network
through Firewall B.
Figure 39 Network diagram
296BConfiguration procedure
1. Configure BFD on Firewall A:
# Configure the source address of BFD echo packets as 10.10.10.10.
<FirewallA> system-view
[FirewallA] bfd echo-source-ip 10.10.10.10
2. Create the track entry to associate with the BFD session on Firewall A:
# Create track entry 1 for the BFD session on Firewall A to check whether the uplink device with the
IP address 1.1.1.2 is reachable.
[FirewallA] track 1 bfd echo interface gigabitethernet1/1 remote ip 1.1.1.2 local ip
1.1.1.1
3. Configure VRRP on Firewall A:
# Create VRRP group 1, and configure the virtual IP address of the group as 192.168.0.10.
Configure the priority of Firewall A in VRRP group 1 as 110, and configure VRRP group 1 to
monitor the status of track entry 1. When the status of the track entry becomes Negative, the
priority of Firewall A decreases by 20.