5.2 多区域防火墙中部署双机热备

图片[1]-5.2 多区域防火墙中部署双机热备-大赛人网

1.FW1配置

interface GigabitEthernet1/0/1
 ip address 192.168.1.251 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.1.254 active
 service-manage all permit

interface GigabitEthernet1/0/2
 ip address 192.168.2.251 255.255.255.0
 vrrp vrid 2 virtual-ip 192.168.2.254 active
 service-manage all permit

firewall zone trust
 add interface GigabitEthernet1/0/1

firewall zone untrust
 add interface GigabitEthernet1/0/2

security-policy
 rule name t_2_un
  source-zone trust
  destination-zone untrust
  source-address 192.168.1.0 mask 255.255.255.0
  action permit

2.FW2配置

interface GigabitEthernet1/0/1
 ip address 192.168.1.252 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.1.254 standby
 service-manage all permit

interface GigabitEthernet1/0/2
ip address 192.168.2.252 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.2.254 standby
 service-manage all permit

firewall zone trust
 add interface GigabitEthernet1/0/1

firewall zone untrust
 add interface GigabitEthernet1/0/2

security-policy
 rule name t_2_un
  source-zone trust
  destination-zone untrust
  source-address 192.168.1.0 mask 255.255.255.0
  action permit

3.FW1查看vrrp

display vrrp brief
VRID  State        Interface                Type     Virtual IP     
1     Master       GE1/0/1                  Vgmp     192.168.1.254  
2     Master       GE1/0/2                  Vgmp     192.168.2.254  

4.FW2查看vrrp

display vrrp brief
VRID  State        Interface                Type     Virtual IP     
1     Backup       GE1/0/1                  Vgmp     192.168.1.254  
1     Backup       GE1/0/2                  Vgmp     192.168.2.254 
© 版权声明
THE END
喜欢就支持一下吧
点赞11 分享
评论 抢沙发
头像
欢迎您留下宝贵的见解!
提交
头像

昵称

取消
昵称

    请登录后查看评论内容