Manualshelf

HP VPN Firewall Appliances High Availability Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
919293949596979899100
85
Run Mode : Standard
Run Method : Virtual MAC
Total number of virtual routers : 1
Interface gigabitethernet 1/2
VRID : 1 Adver Timer : 1
Admin Status : Up State : Master
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : 192.168.0.10
Virtual MAC : 0000-5e00-0101
Master IP : 192.168.0.102
The output shows that when Firewall A detects that the uplink fails through BFD, it decreases its priority
by 20 to make sure that Firewall B can preempt as the master.
Static routing-Track-NQA collaboration configuration example
Network requirements
As shown in Figure 41, Firewall A, Firewall B, Router A, and Router B are connected to two segments
20.1.1.0/24 and 30.1.1.0/24. Configure static routes on these routers so that the two segments can
communicate with each other. Configure route backup to improve network reliability.
Firewall A is the default gateway of the hosts in segment 20.1.1.0/24. Two static routes to 30.1.1.0/24
exist on Firewall A, with the next hop being Router A and Router B, respectively. These two static routes
back up each other, where:
The static route with Router A as the next hop has a higher priority, and is the master route. If this
route is available, Firewall A forwards packets to 30.1.1.0/24 through Router A.
The static route with Router B as the next hop acts as the backup route.
Configure static routing-Track-NQA collaboration to determine whether the master route is
available in real time. If the master route is unavailable, the backup route takes effect, and Firewall
A forwards packets to 30.1.1.0/24 through Router B.
Similarly, Firewall B is the default gateway of the hosts in segment 30.1.1.0/24. Two static routes to
20.1.1.0/24 exist on Firewall B, with the next hop being Router A and Router B, respectively. These two
static routes back up each other, where:
The static route with Router A as the next hop has a higher priority, and is the master route. If this
route is available, Firewall B forwards pack e t s t o 2 0 .1.1. 0 / 24 t h r o u g h R o u t e r A .
The static route with Router B as the next hop acts as the backup route.
Configure static routing-Track-NQA collaboration to determine whether the master route is
available in real time. If the master route is unavailable, the backup route takes effect, and Firewall
B forwards packets to 20.1.1.0/24 through Router B.