PIX Firewall Basic Features: failure handling mechanism and redundancy-principle and experiment

Last Update:2015-04-27 Source: Internet

Author: User

Tags failover

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

(1) Terminology

650) this.width=650; "src="/e/u261/themes/default/images/spacer.gif "style=" Background:url ("/e/u261/lang/zh-cn/ Images/localimage.png ") no-repeat center;border:1px solid #ddd;" alt= "Spacer.gif"/>650 "this.width=650;" src= "http ://s3.51cto.com/wyfs02/m02/6b/f8/wkiom1u7xxrxdcjdaaegjxlx_ho871.jpg "title=" Clipboard.png "alt=" Wkiom1u7xxrxdcjdaaegjxlx_ho871.jpg "/>

(2) Basic process

Step 1: The activity unit copies all its configurations to the standby unit, which is sent via the fail-over mechanism cable

Step 2: Send a dedicated hello group every 15 seconds

Step 3: The standby unit does not receive two consecutive Hello groupings within a specified time

Step 4: Transfer the active control to the standby unit while the invalidation mechanism tests the interface through various tests

(3) Experiment

Note: To import the activation code on the PIX firewall before doing the experiment

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/6B/F4/wKioL1U7xxHhIryVAAEiwtQweNc511.jpg "title=" Clipboard1.png "alt=" Wkiol1u7xxhhiryvaaeiwtqwenc511.jpg "/> Here R2 as the internet

First step: R1, R2 configuration (slightly)

Step Two: FW1 configure access to the Internet

Step Three: Fw1-failover configuration

Fourth Step: Fw2-failover Configuration

First step: R1, R2 configuration (slightly)

Step Two: FW1 configure access to the Internet

Interface configuration:

FW1 (config) #interface E0

FW1 (config-if) #no shutdown

FW1 (config-if) #ip add 192.168.1.254 255.255.255.0

FW1 (config-if) #nameif inside

FW1 (config-if) #security-level 100

FW1 (config) #interface E1

FW1 (config-if) #no shutdown

FW1 (config-if) #ip add 100.1.1.1 255.255.255.0

FW1 (config-if) #nameif outside

FW1 (config-if) #security-level 100

FW1 (config) #interface E2

FW1 (config-if) #no shutdown

FW1 (config-if) #ip add 10.1.12.1 255.255.255.0

FW1 (config) #interface E3

FW1 (config-if) #no shutdown

FW1 (config-if) #ip add 10.2.12.1 255.255.255.0

Default route, NAT configuration

FW1 (config) #route outside 0 0 100.1.1.2

FW1 (config) #access-list NAT permit ip any any

FW1 (config) #nat (inside) 1 access-list NAT

FW1 (config) #global (outside) 1 interface

Step Three: Fw1-failover configuration

FW1 (config) #failover//Turn On Failure handling function

FW1 (config) #failover LAN enable//enable LAN-based failure handling

FW1 (config) #failover key Cisco//Certificate of failure handling function

FW1 (config) #failover LAN unit Primary//Set as active unit

FW1 (config) #failover LAN interface PZ ETHERNET2//E2 interface named PZ and defined as configuration interface

FW1 (config) #failover LAN link ZT Ethernet3//E3 interface named ZT and defined as State interface

FW1 (config) #failover interface ip PZ 10.1.12.1 255.255.255.0 standby 10.1.12.2 //Specify the primary configuration interface and the secondary configuration interface and configure the IP address for the primary configuration interface

FW2 (config) #failover interface ip ZT 10.2.12.1 255.255.255.0 standby 10.2.12.2 //Specify Primary state interface and secondary state interface

Fourth Step: Fw2-failover Configuration

Basic Interface Configuration:

FW2 (config) #interface E0

FW2 (config) #no Shudown

FW2 (config) #interface E1

FW2 (config) #no shutdown

FW2 (config) #interface E2

FW2 (config) #no shutdown

FW2 (config-if) #ip address 10.1.12.2 255.255.255.0

FW2 (config) #interface E3

FW2 (config) #no shutdown

FW2 (config) #ip address 10.2.12.2 255.255.255.0

Failover configuration:

FW1 (config) #failover//Turn On Failure handling function

FW1 (config) #failover LAN enable//enable LAN-based failure handling

FW1 (config) #failover key Cisco//Certificate of failure handling function

FW1 (config) #failover LAN unit Secondary//set as standby unit

FW1 (config) #failover LAN interface PZ ETHERNET2//E2 interface named PZ and defined as configuration interface

FW1 (config) #failover LAN link ZT Ethernet3//E3 interface named ZT and defined as State interface

FW1 (config) #failover interface ip PZ 10.1.12.1 255.255.255.0 standby 10.1.12.2 //Specify primary Configuration interface and secondary configuration interface

FW2 (config) #failover interface ip ZT 10.2.12.1 255.255.255.0 standby 10.2.12.2 //Specify Primary state interface and secondary state interface

This article is from the "fragrant fluttering leaves" blog, please make sure to keep this source http://xpleaf.blog.51cto.com/9315560/1638738

PIX Firewall Basic Features: failure handling mechanism and redundancy-principle and experiment

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More