R3166-R3206-HP High-End Firewalls High Availability Configuration Guide-6PW101
54
The output information indicates that when there is a fault on the link between Firewall A and Router C,
the priority of Firewall A decreases to 80. Firewall A becomes the backup, and Firewall B becomes the
master. Packets from Host A to Host B are forwarded through Firewall B.
Static routing-track-NQA collaboration configuration example
Network requirements
• As shown in Figure 25, the next hop of the static route from Firewall to Router C is Router B.
• Configure Static Routing-Track-NQA collaboration on Firewall to implement real-time monitoring of
the validity of the static route to Router A.
Figure 25 Network diagram for Static Routing-Track-NQA collaboration configuration
Configuration procedure
1. Configure the IP address of each interface as shown in Figure 25.
2. Configure a static route on Firewall and associate it with the track entry.
# Configure the address of the next hop of the static route to Router A as 10.2.1.1, and configure the static
route to associate with track entry 1.
<Firewall> system-view
[Firewall] ip route-static 10.1.1.2 24 10.2.1.1 track 1
3. Configure an NQA test group on Firewall.
# Create an NQA test group with the administrator admin and the operation tag test.
[Firewall] nqa entry admin test
# Configure the test type as ICMP-echo.
[Firewall-nqa-admin-test] type icmp-echo
# Configure the destination address as 10.2.1.1
[Firewall-nqa-admin-test-icmp-echo] destination ip 10.2.1.1
# Configure the test frequency as 100 ms.
[Firewall-nqa-admin-test-icmp-echo] frequency 100
# Configure reaction entry 1, specifying that five consecutive probe failures trigger the Static
Routing-Track-NQA collaboration.
[Firewall-nqa-admin-test-icmp-echo] reaction 1 checked-element probe-fail threshold-type
consecutive 5 action-type trigger-only
[Firewall-nqa-admin-test-icmp-echo] quit
# Start NQA probes.