双机热备实验

Posted on 2020-06-16 12:23  留不住的时间  阅读(407)  评论(0编辑  收藏  举报

 

 

 

一:配置ip

  PC1ip和网关

  FW1FW2:三个接口的ip

  R1:接口ip和路由

二:配置防火墙的区域和安全策略

FW1FW2配置一样:

[USG6000V1]firewall zone trust

[USG6000V1-zone-trust]add int g1/0/2

[USG6000V1-zone-trust]q

[USG6000V1]firewall zone untrust

[USG6000V1-zone-untrust]add int g1/0/0

[USG6000V1-zone-untrust]q

[USG6000V1]firewall zone dmz

[USG6000V1-zone-dmz]add int g1/0/1

[USG6000V1-zone-dmz]q

[USG6000V1]security-policy

[USG6000V1-policy-security]rule name tr2untr

[USG6000V1-policy-security-rule-tr2untr]source-zone trust

[USG6000V1-policy-security-rule-tr2untr]destination-zone untrust

[USG6000V1-policy-security-rule-tr2untr]action permit

[USG6000V1-policy-security-rule-tr2untr]q

[USG6000V1-policy-security]rule name local2dmz

[USG6000V1-policy-security-rule-local2dmz]source-zone local

[USG6000V1-policy-security-rule-local2dmz]destination-zone dmz

[USG6000V1-policy-security-rule-local2dmz]action permit

[USG6000V1-policy-security-rule-local2dmz]q

 

三:配置VRRP备份组

FW1

[USG6000V1]int g1/0/2

[USG6000V1-GigabitEthernet1/0/2]vrrp vrid 1 virtual-ip 192.168.1.100 active

[USG6000V1-GigabitEthernet1/0/2]q

[USG6000V1]int g1/0/0

[USG6000V1-GigabitEthernet1/0/0]vrrp vrid 2 virtual-ip 10.1.1.100 active

FW2

[USG6000V1]int g1/0/2

[USG6000V1-GigabitEthernet1/0/2]vrrp vrid 1 virtual-ip 192.168.1.100 standby

[USG6000V1-GigabitEthernet1/0/2]q

[USG6000V1]int g1/0/0

[USG6000V1-GigabitEthernet1/0/0]vrrp vrid 2 virtual-ip 10.1.1.100 standby

 

四:配置心跳接口

FW1

[USG6000V1]hrp int g1/0/1 remote 172.16.1.2

FW2

[USG6000V1]hrp int g1/0/1 remote 172.16.1.1

 

五:开启双击热备

FW1

[USG6000V1]hrp enable

FW2

[USG6000V1]hrp enable

 

六:验证

FW1

HRP_M[USG6000V1]dis hrp state

 Role: active, peer: standby

 Running priority: 45000, peer: 45000

 Core state: normal, peer: normal

 Backup channel usage: 0.00%

 Stable time: 0 days, 0 hours, 4 minutes

 Last state change information: 2018-11-10 8:38:01 HRP core state changed, old_s

tate = abnormal(standby), new_state = normal, local_priority = 45000, peer_prior

ity = 45000.

 

FW2

HRP_S[USG6000V1]dis hrp state

 Role: standby, peer: active

 Running priority: 45000, peer: 45000

 Core state: normal, peer: normal

 Backup channel usage: 0.00%

 Stable time: 0 days, 0 hours, 5 minutes

 Last state change information: 2018-11-10 8:38:01 HRP link changes to up.