Fault resolution of firewall cluster and replacement switch

Source: Internet
Author: User
Tags firewall

Network environment: Routers--optical fiber--three-layer switch--fiber--firewall--fiber--two-layer switch-twisted pair-top two-layer switch-twisted-pair-server.

Company because of the development of business and customer demand. decided to the original two 8000+ firewall to add two units to four G hard to prevent the cluster. At the same time, the original switch (a three-layer exchange of a two-layer exchange) for the optical port and the h3c-5500 system of more than the switch. All in one go, the original plan will be completed in only 10 minutes.

In the construction accident occurred: When all settings are configured to the required power on, most servers do not have access to the Internet (even the gateway does not pass). In the step-by-step of the investigation, the time has passed four or five hours, resulting in a large customer opinion. The reason may be that the firewall cluster is unsuccessful ———— then use the contingency plan: the server does not go through the firewall, now most of the server business is normal. But some servers still do not have access to the Internet. Access to the server terminal found in the 360ARP firewall did not get the gateway MAC address, so shut down the 360ARP firewall, then the server is normal. It turns out that this 360ARP firewall is at work ———— no change the IP switch will occur (reboot or turn off the service is OK).

Summarize:

First, the success rate of firewall cluster can not guarantee 100%, do any changes in the network and upgrading of the upgrade must have contingency plan; you can't wait for the first set of scenarios to fail before you think of a solution. Everything has contingency, so to choose the least amount of business, there are more than three sets of programs, there is sufficient preparation of the case under construction.

Two, 360 firewall in the case of the server (360 is also open), replace the gateway device (IP does not change), easy to cause the server can not normally get the gateway MAC address, and the server can not connect network. The solution is to enter the system to shut down the 360 firewall or retrieve the gateway MAC address or reboot the server (with the customer's consent).

This column more highlights: http://www.bianceng.cnhttp://www.bianceng.cn/Network/jhjs/

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.