HP VPN Firewall Appliances High Availability Configuration Guide

# After Firewall A resumes normal operation, use the display vrrp verbose command to display the
detailed information about VRRP group 1 on Firewall A.
[FirewallA-GigabitEthernet0/1] display vrrp verbose
 IPv4 Standby Information:
     Run Mode       : Standard
     Run Method     : Virtual MAC
 Total number of virtual routers : 1
   Interface GigabitEthernet0/1
     VRID           : 1                    Adver Timer  : 1
     Admin Status   : Up                   State        : Backup
     Config Pri     : 110                  Running Pri  : 110
     Preempt Mode   : Yes                  Delay Time   : 5
     Auth Type      : None
     Virtual IP     : 202.38.160.111
     Virtual MAC    : 0000-5e00-0101
     Master IP      : 202.38.160.1
The output shows that after Firewall A resumes normal operation, it becomes the master, and
packets sent from Host A to Host B are forwarded by Firewall A.

VRRP interface tracking configuration example

Network requirements

Host A wants to access Host B on the Internet, using 202.38.160.111/24 as its default gateway.
Firewall A and Firewall B belong to VRRP group 1 with the virtual IP address of 202.38.160.111/24.
When Firewall A operates correctly, packets sent from Host A to Host B are forwarded by Firewall
A. When interface GigabitEthernet 0/2 through which Firewall A connects to the Internet is not
available, packets sent from Host A to Host B are forwarded by Firewall B.
To prevent unauthorized users from attacking the VRRP group with spoofed packets, set the
authentication mode of VRRP group 1 to plain text so that VRRP packets are authenticated. Specify
the authentication key as hello.
Figure 18 Network diagram
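
The following Python sketch is an added example, not part of the HP guide or the firewall's own code. It shows what plain text authentication does on the receiving side by applying the VRRPv2 (RFC 2338/3768) acceptance checks to constructed advertisements for VRRP group 1. The function names are hypothetical, and the key is assumed to be at most 8 bytes, the size of the authentication data field. In this mode the key travels unencrypted in every advertisement, so it stops misconfigured or accidental peers rather than anyone who can capture traffic on the segment.

```python
import struct

AUTH_NAMES = {0: "none", 1: "simple text", 2: "IP AH"}  # VRRPv2 auth types

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum over the VRRP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_advert(vrid, priority, vip, auth_type, key: bytes, adver_int=1) -> bytes:
    """Construct a one-address VRRPv2 advertisement (sample input only)."""
    ip = bytes(int(octet) for octet in vip.split("."))
    body = bytes([0x21, vrid, priority, 1, auth_type, adver_int]) + b"\x00\x00"
    body += ip + key.ljust(8, b"\x00")  # auth data is 8 bytes, zero padded
    return body[:6] + struct.pack("!H", inet_checksum(body)) + body[8:]

def check_advert(pkt: bytes, vrid: int, auth_type: int, key: bytes) -> str:
    """Apply receiver-side checks; return 'accept' or the discard reason."""
    if len(pkt) < 16:  # 8-byte header plus 8-byte auth data
        return "discard: truncated"
    ver_type, p_vrid, _prio, count, p_auth, _int = struct.unpack("!6B", pkt[:6])
    if ver_type != 0x21:  # version 2, type 1 (advertisement)
        return "discard: not a VRRPv2 advertisement"
    if len(pkt) != 8 + 4 * count + 8:
        return "discard: bad length"
    if inet_checksum(pkt) != 0:  # a valid message sums to zero
        return "discard: bad checksum"
    if p_vrid != vrid:
        return "discard: unknown VRID"
    if p_auth != auth_type:
        return f"discard: auth type {AUTH_NAMES.get(p_auth, p_auth)} not expected"
    if auth_type == 1 and pkt[-8:] != key.ljust(8, b"\x00"):
        return "discard: authentication key mismatch"
    return "accept"

if __name__ == "__main__":
    # Constructed advertisements for VRID 1 and the virtual IP from the example.
    peer = build_advert(1, 110, "202.38.160.111", 1, b"hello")
    unauth = build_advert(1, 255, "202.38.160.111", 0, b"")
    for name, pkt in (("configured peer", peer), ("no authentication", unauth)):
        print(name, "->", check_advert(pkt, 1, 1, b"hello"))
    print("key as carried in the packet:", peer[-8:])
```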