F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Network Management Configuration Guide-6PW100
527
Figure 304 Network diagram
1540BConfiguration procedure
1. Configure IP addresses for interfaces. (Details not shown.)
2. Configure OSPF so that Firewall A and Firewall B can reach each other. (Details not shown.)
3. Configure BGP on Firewall A:
# Establish two IBGP connections to Firewall B.
<FirewallA> system-view
[FirewallA] bgp 200
[FirewallA-bgp] peer 3.0.2.2 as-number 200
[FirewallA-bgp] peer 2.0.2.2 as-number 200
[FirewallA-bgp] quit
# Create ACL 2000 to permit 1.1.1.0/24 to pass.
[FirewallA] acl number 2000
[FirewallA-acl-basic-2000] rule permit source 1.1.1.0 0.0.0.255
[FirewallA-acl-basic-2000] quit
# Create two route policies, apply_med_50 and apply_med_100. Policy apply_med_50 sets the
MED for route 1.1.1.0/24 to 50. Policy apply_med_100 sets that to 100.
[FirewallA] route-policy apply_med_50 permit node 10
[FirewallA-route-policy] if-match acl 2000
[FirewallA-route-policy] apply cost 50
[FirewallA-route-policy] quit
[FirewallA] route-policy apply_med_100 permit node 10
[FirewallA-route-policy] if-match acl 2000
[FirewallA-route-policy] apply cost 100
[FirewallA-route-policy] quit
# Apply routing policy apply_med_50 to routes outgoing to peer 3.0.2.2, and apply routing
policy apply_med_100 to routes outgoing to peer 2.0.2.2.
[FirewallA] bgp 200
[FirewallA-bgp] peer 3.0.2.2 route-policy apply_med_50 export
[FirewallA-bgp] peer 2.0.2.2 route-policy apply_med_100 export
# Enable BFD for peer 3.0.2.2.
[FirewallA-bgp] peer 3.0.2.2 bfd