一:配置ip
PC1:ip和网关
FW1、FW2:三个接口的ip
R1:接口ip和路由
二:配置防火墙的区域和安全策略
FW1和FW2配置一样:
[USG6000V1]firewall zone trust
[USG6000V1-zone-trust]add int g1/0/2
[USG6000V1-zone-trust]q
[USG6000V1]firewall zone untrust
[USG6000V1-zone-untrust]add int g1/0/0
[USG6000V1-zone-untrust]q
[USG6000V1]firewall zone dmz
[USG6000V1-zone-dmz]add int g1/0/1
[USG6000V1-zone-dmz]q
[USG6000V1]security-policy
[USG6000V1-policy-security]rule name tr2untr
[USG6000V1-policy-security-rule-tr2untr]source-zone trust
[USG6000V1-policy-security-rule-tr2untr]destination-zone untrust
[USG6000V1-policy-security-rule-tr2untr]action permit
[USG6000V1-policy-security-rule-tr2untr]q
[USG6000V1-policy-security]rule name local2dmz
[USG6000V1-policy-security-rule-local2dmz]source-zone local
[USG6000V1-policy-security-rule-local2dmz]destination-zone dmz
[USG6000V1-policy-security-rule-local2dmz]action permit
[USG6000V1-policy-security-rule-local2dmz]q
三:配置VRRP备份组
FW1:
[USG6000V1]int g1/0/2
[USG6000V1-GigabitEthernet1/0/2]vrrp vrid 1 virtual-ip 192.168.1.100 active
[USG6000V1-GigabitEthernet1/0/2]q
[USG6000V1]int g1/0/0
[USG6000V1-GigabitEthernet1/0/0]vrrp vrid 2 virtual-ip 10.1.1.100 active
FW2:
[USG6000V1]int g1/0/2
[USG6000V1-GigabitEthernet1/0/2]vrrp vrid 1 virtual-ip 192.168.1.100 standby
[USG6000V1-GigabitEthernet1/0/2]q
[USG6000V1]int g1/0/0
[USG6000V1-GigabitEthernet1/0/0]vrrp vrid 2 virtual-ip 10.1.1.100 standby
四:配置心跳接口
FW1:
[USG6000V1]hrp int g1/0/1 remote 172.16.1.2
FW2:
[USG6000V1]hrp int g1/0/1 remote 172.16.1.1
五:开启双击热备
FW1:
[USG6000V1]hrp enable
FW2:
[USG6000V1]hrp enable
六:验证
FW1:
HRP_M[USG6000V1]dis hrp state
Role: active, peer: standby
Running priority: 45000, peer: 45000
Core state: normal, peer: normal
Backup channel usage: 0.00%
Stable time: 0 days, 0 hours, 4 minutes
Last state change information: 2018-11-10 8:38:01 HRP core state changed, old_s
tate = abnormal(standby), new_state = normal, local_priority = 45000, peer_prior
ity = 45000.
FW2:
HRP_S[USG6000V1]dis hrp state
Role: standby, peer: active
Running priority: 45000, peer: 45000
Core state: normal, peer: normal
Backup channel usage: 0.00%
Stable time: 0 days, 0 hours, 5 minutes
Last state change information: 2018-11-10 8:38:01 HRP link changes to up.