Manualshelf

R3721-F3210-F3171-HP High-End Firewalls High Availability Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
81828384858687888990
84
Figure 44 Network diagram
Configuration procedure
1. Configure BFD on Firewall A:
# Configure the source address of BFD echo packets as 10.10.10.10.
<FirewallA> system-view
[FirewallA] bfd echo-source-ip 10.10.10.10
2. Create the track entry to associate with the BFD session on Firewall A:
# Create track entry 1 for the BFD session on Firewall A to check whether the uplink device with the
IP address 1.1.1.2 is reachable.
[FirewallA] track 1 bfd echo interface gigabitethernet 0/1 remote ip 1.1.1.2 local
ip 1.1.1.1
3. Configure VRRP on Firewall A:
# Create VRRP group 1, and configure the virtual IP address of the group as 192.168.0.10;
configure the priority of Firewall A in VRRP group 1 as 110; configure VRRP group 1 to monitor the
status of track entry 1. When the status of the track entry becomes Negative, the priority of Firewall
A decreases by 20.
[FirewallA] interface gigabitethernet 0/2
[FirewallA-GigabitEthernet 0/2] vrrp vrid 1 virtual-ip 192.168.0.10
[FirewallA-GigabitEthernet 0/2] vrrp vrid 1 priority 110
[FirewallA-GigabitEthernet 0/2] vrrp vrid 1 track 1 reduced 20
[FirewallA-GigabitEthernet 0/2] return
4. Configure VRRP on Firewall B:
# Create VRRP group 1, and configure the virtual IP address of the group as 192.168.0.10.
<FirewallB> system-view