Manualshelf

R3721-F3210-F3171-HP High-End Firewalls High Availability Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
61626364656667686970
57
Figure 32 Configuring stateful failover
2. Configure Device B.
Except the Main Device for Configuration Synchronization and Auto Synchronization settings that
are not needed for Device B, other settings on Device B are consistent with those on Device A.
(Details not shown.)
Configuration guidelines
When you configure stateful failover, follow these guidelines:
Configure VRRP or a dynamic routing protocol on the failover devices and the uplink/downlink
devices to make sure the traffic can automatically switch to the other device if one device fails.
Stateful failover can be implemented only between two devices rather than among more than two
devices. Use a network cable or optical fiber to directly connect the failover interfaces. No
intermediary device (such as a router, a switch, or a hub) is allowed between the interfaces.
The same failover interfaces—with the same type and number—must exist on the two devices.
Otherwise, data backup fails.
To run NAT on two failover devices, you need to add the failover interfaces on the two devices to
the same security zone, and configure two identical NAT address pools for each device, but the
higher-priority address pool on a device must be different from that on the other; otherwise, a
conflict may occur during stateful failover. For example, you can configure two NAT address pools,
100.0.0.1 through 100.0.0.5 (Pool 1), and 100.0.0.6 through 100.0.0.10 (Pool 2) on devices A
and B. Pool 1 has a lower priority on Device A, while Pool 2 has a lower priority on Device B. For
more information, see NAT Configuration Guide.
While the active device synchronizes all configurations to the standby device, the redundant
configurations (if any) on the standby device are not removed. This may result in a synchronization
failure. To avoid this problem, HP recommends you to check that the configurations on the active
and standby devices are consistent before configuration synchronization.
If you click Modify Backup Interface before clicking Apply, the configurations you have made on
the stateful failover configuration page will be lost.