Manualshelf

R3721-F3210-F3171-HP High-End Firewalls High Availability Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
919293949596979899100
92
The static route with Firewall A as the next hop has a higher priority, and is the master route. If this
route is available, Firewall B forwards packets to 20.1.1.0/24 through Firewall A.
The static route with Router as the next hop acts as the backup route.
Configure static routing-track-BFD collaboration to determine whether the master route is available
in real time. If the master route is unavailable, BFD can quickly detect the route failure to make the
backup route take effect, and Firewall B forwards packets to 20.1.1.0/24 through Router and
Firewall A.
Figure 46 Network diagram
Configuration procedure
1. Configure the IP address of each interface as shown in Figure 46. (Details not shown.)
2. Configure Firewall A:
# Configure a static route to 30.1.1.0/24, with the address of the next hop as 10.2.1.2 and the
default priority 60. This static route is associated with track entry 1.
<FirewallA> system-view
[FirewallA] ip route-static 30.1.1.0 24 10.2.1.2 track 1
# Configure a static route to 30.1.1.0/24, with the address of the next hop as 10.3.1.3 and the
priority 80.
[FirewallA] ip route-static 30.1.1.0 24 10.3.1.3 preference 80
# Configure the source address of BFD echo packets as 10.10.10.10.
[FirewallA] bfd echo-source-ip 10.10.10.10
# Configure track entry 1, and associate it with the BFD session. Check whether Firewall A can be
interoperated with the next hop of static route: Firewall B.
[FirewallA] track 1 bfd echo interface gigabitethernet 0/1 remote ip 10.2.1.2 local
ip 10.2.1.1
3. Configure Firewall B:
# Configure a static route to 20.1.1.0/24, with the address of the next hop as 10.2.1.1 and the
default priority 60. This static route is associated with track entry 1.
<FirewallB> system-view
[FirewallB] ip route-static 20.1.1.0 24 10.2.1.1 track 1
# Configure a static route to 20.1.1.0/24, with the address of the next hop as 10.4.1.3 and the
priority 80.
[FirewallB] ip route-static 20.1.1.0 24 10.4.1.3 preference 80
# Configure the source address of BFD echo packets as 1.1.1.1.
[FirewallB] bfd echo-source-ip 1.1.1.1