HP VPN Firewall Appliances High Availability Configuration Guide
86
Figure 41 Network diagram
Configuration procedure
1. Configure the IP address of each interface as shown in Figure 41. (Details not shown.)
2. Configure Firewall A:
# Configure a static route to 30.1.1.0/24, with the address of the next hop as 10.1.1.2 and the
default priority 60. This static route is associated with track entry 1.
<FirewallA> system-view
[FirewallA] ip route-static 30.1.1.0 24 10.1.1.2 track 1
# Configure a static route to 30.1.1.0/24, with the address of the next hop as 10.3.1.3 and the
priority 80.
[FirewallA] ip route-static 30.1.1.0 24 10.3.1.3 preference 80
# Configure a static route to 10.2.1.4, with the address of the next hop as 10.1.1.2.
[FirewallA] ip route-static 10.2.1.4 24 10.1.1.2
# Create an NQA test group with the administrator admin and the operation tag test.
[FirewallA] nqa entry admin test
# Configure the test type as ICMP-echo.
[FirewallA-nqa-admin-test] type icmp-echo
# Configure the destination address of the test as 10.2.1.4 and the next hop address as 10.1.1.2
to check the connectivity of the path from Firewall A to Router A, and then to Firewall B through
NQA.
[FirewallA-nqa-admin-test-icmp-echo] destination ip 10.2.1.4
[FirewallA-nqa-admin-test-icmp-echo] next-hop 10.1.1.2
# Configure the test frequency as 100 ms.
[FirewallA-nqa-admin-test-icmp-echo] frequency 100
# Configure reaction entry 1, specifying that five consecutive probe failures trigger the Track
module.
[FirewallA-nqa-admin-test-icmp-echo] reaction 1 checked-element probe-fail
threshold-type consecutive 5 action-type trigger-only
[FirewallA-nqa-admin-test-icmp-echo] quit
# Start the NQA test.