Manualshelf

R3721-F3210-F3171-HP High-End Firewalls High Availability Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
81828384858687888990
81
Figure 43 Network diagram
Configuration procedure
1. Configure VRRP on Firewall A:
<FirewallA> system-view
[FirewallA] interface gigabitethernet 0/1
# Create VRRP group 1, and configure the virtual IP address 192.168.0.10 for the group. Set the
priority of Firewall A in VRRP group 1 to 110.
[FirewallA-GigabitEthernet 0/1] vrrp vrid 1 virtual-ip 192.168.0.10
[FirewallA-GigabitEthernet 0/1] vrrp vrid 1 priority 110
[FirewallA-GigabitEthernet 0/1] return
2. Configure BFD on Firewall B:
# Configure the source address of BFD echo packets as 10.10.10.10.
<FirewallB> system-view
[FirewallB] bfd echo-source-ip 10.10.10.10
3. Create a track entry to be associated with the BFD session on Firewall B:
# Create track entry 1 to be associated with the BFD session to check whether Firewall A is
reachable.
[FirewallB] track 1 bfd echo interface gigabitethernet 0/1 remote ip 192.168.0.101
local ip 192.168.0.102
4. Configure VRRP on Firewall B:
# Create VRRP group 1, and configure the virtual IP address 192.168.0.10 for the group. VRRP
group 1 monitors the status of track entry 1. When the status of the track entry becomes Negative,
Firewall B becomes the master quickly.
[FirewallB] interface gigabitethernet 0/1
Internet
Virtual Router
Virtual IP address:
192.168.0.10
GE0/1
192.168.0.101/24
GE0/1
192.168.0.102/24
Firewall A
Master
Firewall B
Backup
L2 switch
VRRP packets
BFD probe packets