![图片[1]-5.2 多区域防火墙中部署双机热备-大赛人网](https://www.dsrw.com/wp-content/uploads/2023/09/图片55-1.png)
1.FW1配置
interface GigabitEthernet1/0/1
ip address 192.168.1.251 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.1.254 active
service-manage all permit
interface GigabitEthernet1/0/2
ip address 192.168.2.251 255.255.255.0
vrrp vrid 2 virtual-ip 192.168.2.254 active
service-manage all permit
firewall zone trust
add interface GigabitEthernet1/0/1
firewall zone untrust
add interface GigabitEthernet1/0/2
security-policy
rule name t_2_un
source-zone trust
destination-zone untrust
source-address 192.168.1.0 mask 255.255.255.0
action permit
2.FW2配置
interface GigabitEthernet1/0/1
ip address 192.168.1.252 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.1.254 standby
service-manage all permit
interface GigabitEthernet1/0/2
ip address 192.168.2.252 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.2.254 standby
service-manage all permit
firewall zone trust
add interface GigabitEthernet1/0/1
firewall zone untrust
add interface GigabitEthernet1/0/2
security-policy
rule name t_2_un
source-zone trust
destination-zone untrust
source-address 192.168.1.0 mask 255.255.255.0
action permit
3.FW1查看vrrp
display vrrp brief
VRID State Interface Type Virtual IP
1 Master GE1/0/1 Vgmp 192.168.1.254
2 Master GE1/0/2 Vgmp 192.168.2.254
4.FW2查看vrrp
display vrrp brief
VRID State Interface Type Virtual IP
1 Backup GE1/0/1 Vgmp 192.168.1.254
1 Backup GE1/0/2 Vgmp 192.168.2.254
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
请登录后查看评论内容