Manualshelf

R3721-F3210-F3171-HP High-End Firewalls High Availability Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
919293949596979899100
91
PING 30.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 30.1.1.1: bytes=56 Sequence=1 ttl=254 time=2 ms
Reply from 30.1.1.1: bytes=56 Sequence=2 ttl=254 time=1 ms
Reply from 30.1.1.1: bytes=56 Sequence=3 ttl=254 time=1 ms
Reply from 30.1.1.1: bytes=56 Sequence=4 ttl=254 time=2 ms
Reply from 30.1.1.1: bytes=56 Sequence=5 ttl=254 time=1 ms
--- 30.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/2 ms
# The output on Firewall B is similar to that on Firewall A. When the master route fails, the hosts in
30.1.1.0/24 can still communicate with the hosts in 20.1.1.0/24.
[FirewallB] ping -a 30.1.1.1 20.1.1.1
PING 20.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 20.1.1.1: bytes=56 Sequence=1 ttl=254 time=2 ms
Reply from 20.1.1.1: bytes=56 Sequence=2 ttl=254 time=1 ms
Reply from 20.1.1.1: bytes=56 Sequence=3 ttl=254 time=1 ms
Reply from 20.1.1.1: bytes=56 Sequence=4 ttl=254 time=1 ms
Reply from 20.1.1.1: bytes=56 Sequence=5 ttl=254 time=1 ms
--- 20.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/2 ms
Static routing-track-BFD collaboration configuration example
Network requirements
As shown in Figure 46, Firewall A, Firewall B, and Router are connected to two segments 20.1.1.0/24
and 30.1.1.0/24. Configure static routes on these devices so that the two segments can communicate
with each other, and configure route backup to improve reliability of the network.
Firewall A is the default gateway of the hosts in segment 20.1.1.0/24. Two static routes to 30.1.1.0/24
exist on Firewall A, with the next hop being Firewall B and Router respectively. These two static routes
back up each other, where:
The static route with Firewall B as the next hop has a higher priority, and is the master route. If this
route is available, Firewall A forwards packets to 30.1.1.0/24 through Firewall B.
The static route with Router as the next hop acts as the backup route.
Configure static routing-track-BFD collaboration to determine whether the master route is available
in real time. If the master route is unavailable, BFD can quickly detect the route failure to make the
backup route take effect, and Firewall A forwards packets to 30.1.1.0/24 through Router and
Firewall B.
Similarly, Firewall B is the default gateway of the hosts in segment 30.1.1.0/24. Two static routes to
20.1.1.0/24 exist on Firewall B, with the next hop being Firewall A and Router respectively. These two
static routes back up each other, where: