Manualshelf

HP VPN Firewall Appliances High Availability Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
141142143144145146147148149150
139
Figure 64 Network diagram
Configuration procedure
1. Assign each interface an IP address. (Details not shown.)
2. On Firewall, configure a unicast static route, and associate the static route with a track entry:
# Configure a static route, and associate the static route with track entry 1.
<Firewall> system-view
[Firewall] ip route-static 10.1.1.2 24 10.2.1.1 track 1
3. On Firewall, configure an ICMP echo operation:
# Create an NQA operation with the administrator name being admin and operation tag being
test1.
[Firewall] nqa entry admin test1
# Configure the NQA operation type as ICMP echo.
[Firewall-nqa-admin-test1] type icmp-echo
# Configure 10.2.2.1 as the destination IP address.
[Firewall-nqa-admin-test1-icmp-echo] destination ip 10.2.1.1
# Configure the operation to repeat at an interval of 100 milliseconds.
[Firewall-nqa-admin-test1-icmp-echo] frequency 100
# Create reaction entry 1. If the number of consecutive probe failures reaches 5, collaboration is
triggered.
[Firewall-nqa-admin-test1-icmp-echo] reaction 1 checked-element probe-fail
threshold-type consecutive 5 action-type trigger-only
[Firewall-nqa-admin-test1-icmp-echo] quit
# Start the ICMP echo operation.
[Firewall] nqa schedule admin test1 start-time now lifetime forever
4. On Firewall, create the track entry:
# Create track entry 1, and associate it with reaction entry 1 of ICMP echo operation admin-test1.
[Firewall] track 1 nqa entry admin test1 reaction 1
Verifying the configuration
# On Firewall, display information about all track entries.
[Firewall] display track all
Track ID: 1
Status: Positive
Notification delay: Positive 0, Negative 0 (in seconds)
Reference object: