Manualshelf

HP VPN Firewall Appliances High Availability Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
81828384858687888990
79
Figure 39 Network diagram
Configuration procedure
1. Configure VRRP on Firewall A:
<FirewallA> system-view
[FirewallA] interface gigabitethernet 1/1
# Create VRRP group 1, and configure the virtual IP address 192.168.0.10 for the group. Set the
priority of Firewall A in VRRP group 1 to 110.
[FirewallA-gigabitethernet1/1] vrrp vrid 1 virtual-ip 192.168.0.10
[FirewallA-gigabitethernet1/1] vrrp vrid 1 priority 110
[FirewallA-gigabitethernet1/1] return
2. Configure BFD on Firewall B:
# Configure the source address of BFD echo packets as 10.10.10.10.
<FirewallB> system-view
[FirewallB] bfd echo-source-ip 10.10.10.10
3. Create a track entry to be associated with the BFD session on Firewall B:
# Create track entry 1 to be associated with the BFD session to check whether Firewall A is
reachable.
[FirewallB] track 1 bfd echo interface gigabitethernet 1/1 remote ip 192.168.0.101
local ip 192.168.0.102
4. Configure VRRP on Firewall B:
# Create VRRP group 1, and configure the virtual IP address 192.168.0.10 for the group. VRRP
group 1 monitors the status of track entry 1. When the status of the track entry becomes Negative,
Firewall B becomes the master quickly.
[FirewallB] interface gigabitethernet 1/1