Firewall configuration Ten tasks eight, LAN-based failover configuration

Last Update:2015-03-08 Source: Internet

Author: User

Tags failover

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

Firewall Configuration Task Eight

Configuration of LAN-based failover

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/5A/37/wKioL1T60FnSVC1KAAGXmXslRgM935.jpg "title=" 8.1. PNG "alt=" Wkiol1t60fnsvc1kaagxmxslrgm935.jpg "/>

Task topology Diagram 8.1

1. Configure the primary firewall name pix1, the standby firewall name is PIX2

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/5A/3B/wKiom1T6z1-xmov_AACMDOFweh4699.jpg "title=" 8.2. PNG "alt=" Wkiom1t6z1-xmov_aacmdofweh4699.jpg "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/5A/3B/wKiom1T6z3DC4bU8AABuJYs8Tgk332.jpg "title=" 8.3. PNG "alt=" Wkiom1t6z3dc4bu8aabujys8tgk332.jpg "/>

Figure 8.2

2. Configure the outside interface of the primary firewall and configure the backup interface as the 192.168.1.2/24.inside interface IP and configure the backup interface as 10.10.10.2/24.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/5A/3B/wKiom1T6z4qQg0UwAAEmWUJN9ss699.jpg "title=" 8.4. PNG "alt=" Wkiom1t6z4qqg0uwaaemwujn9ss699.jpg "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/5A/37/wKioL1T60LejP032AAEN5S_nl-0705.jpg "title=" 8.5. PNG "alt=" Wkiol1t60lejp032aaen5s_nl-0705.jpg "/>

Figure 8.3

3. Configure the Inside,outside interface address for the standby firewall pix2, and the interface security level is the default.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/5A/37/wKioL1T60M_g69WyAAHBIa9FEPM962.jpg "title=" 8.6. PNG "alt=" Wkiol1t60m_g69wyaahbia9fepm962.jpg "/>

Figure 8.4

4. Configure the host address in the inside zone to the 10.10.10.3/24.outside Zone host address of 192.168.1.3/24. Each gateway is the Inside,outside interface address.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/5A/37/wKioL1T60WLhBOQ3AAFzRfo1bYg687.jpg "title=" 8.7. PNG "alt=" Wkiol1t60wlhboq3aafzrfo1byg687.jpg "/>

Figure 8.5

5. Make an Access control list on the primary firewall, called ICMP to release all ICMP traffic.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/5A/3B/wKiom1T60GmxFIaPAAE6xPCALkw595.jpg "title=" 8.8. PNG "alt=" Wkiom1t60gmxfiapaae6xpcalkw595.jpg "/>

Figure 8.6

6. Configure the default route to the outside zone on the primary firewall. The Out interface is 192.168.1.1.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/5A/3B/wKiom1T60H7hGbPJAABt_UcSYEw364.jpg "title=" 8.9. PNG "alt=" Wkiom1t60h7hgbpjaabt_ucsyew364.jpg "/>

Figure 8.7

7. Configure NAT translation on the main firewall, inside convert all, outside interface to do pnat conversion.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/5A/37/wKioL1T60arxwIiBAAHflFF0LyU228.jpg "title=" 8.10. PNG "alt=" Wkiol1t60arxwiibaahflff0lyu228.jpg "/>

Figure 8.8

8. Configure LAN-based failover on the primary firewall, make the E2 interface of the firewall a heartbeat line, named Xiaoming,ip address 172.16.1.1/24,standby address is 172.16.1.2/ 24, set the failover role of the firewall to primary, and enable.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/5A/3B/wKiom1T60KqBlDyZAAOb9jnrtG0485.jpg "title=" 8.11. PNG "alt=" Wkiom1t60kqbldyzaaob9jnrtg0485.jpg "/>

Figure 8.9

9. Review the failover current status of the primary firewall.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/5A/37/wKioL1T60dqyM_JmAAN-r6SWz2g349.jpg "title=" 8.12. PNG "alt=" Wkiol1t60dqym_jmaan-r6swz2g349.jpg "/>

Figure 8.10

10. Configure the LAN-based failover on the standby firewall (PIX2).

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/5A/3B/wKiom1T60NeiqbVzAAU83NeIiSo025.jpg "title=" 8.13. PNG "alt=" Wkiom1t60neiqbvzaau83neiiso025.jpg "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/5A/37/wKioL1T60grTzDM5AAD41zka8w4251.jpg "title=" 8.14. PNG "alt=" Wkiol1t60grtzdm5aad41zka8w4251.jpg "/>

Figure 8.11

11. Review the failover status of the standby firewall.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/5A/3B/wKiom1T60QaidmABAAL2J4pmX1o877.jpg "title=" 8.15. PNG "alt=" Wkiom1t60qaidmabaal2j4pmx1o877.jpg "/>

Figure 8.12

12. Once again check the status of the failover, the system displays the IP address of the secondary.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/5A/37/wKioL1T60kSD7vtOAAMifkTtziA883.jpg "title=" 8.16. PNG "alt=" Wkiol1t60ksd7vtoaamifkttzia883.jpg "/>

Figure 8.13

On pix2, failover finds the partner, starts copying the configuration file, and the copy succeeds.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/5A/37/wKioL1T60mGAopXEAAEMg3lyWSs674.jpg "title=" 8.17. PNG "alt=" Wkiol1t60mgaopxeaaemg3lywss674.jpg "/>

Figure 8.14

13. Check the current failover status of the standby firewall. Displays normal. And the standby pre-fire system interface is automatically converted to pix1. The current role is displayed as this host:secondary = standby ready.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/5A/3B/wKiom1T60V7SGDxxAASr5KcL4As432.jpg "title=" 8.18. PNG "alt=" Wkiom1t60v7sgdxxaasr5kcl4as432.jpg "/>

Figure 8.15

After the 14.failover configuration is successful, view the failover status on Pix1, which is displayed as primary--active.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/5A/37/wKioL1T60pbTWnSLAASw6pe3FQo086.jpg "title=" 8.20. PNG "alt=" Wkiol1t60pbtwnslaasw6pe3fqo086.jpg "/>

Figure 8.16

The internal host keeps pinging the external host, powering down the primary firewall and viewing the failover status. The interface shows that the failover was successful.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/5A/3B/wKiom1T60aSi64kOAATtHy3DFy8224.jpg "title=" 8.21. PNG "alt=" Wkiom1t60asi64koaatthy3dfy8224.jpg "/>

Figure 8.17

16. Switch the standby firewall to the active state. The switch is displayed successfully.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/5A/3B/wKiom1T60b-TDk1XAADjOAZdAAw328.jpg "title=" 8.22. PNG "alt=" Wkiom1t60b-tdk1xaadjoazdaaw328.jpg "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/5A/37/wKioL1T60urxxtVGAAEWatnKCBc954.jpg "title=" 8.23. PNG "alt=" Wkiol1t60urxxtvgaaewatnkcbc954.jpg "/>

Figure 8.18

View the failover status of the current firewall on pix1.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/5A/37/wKioL1T60wjxQ9viAAL0HPkvHmw932.jpg "title=" 8.24. PNG "alt=" Wkiol1t60wjxq9viaal0hpkvhmw932.jpg "/>

Figure 8.19

17. Make multiple state transitions on the firewall, impacting traffic across the firewalls.

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/5A/37/wKioL1T601eR7EpyAAY3BcD4H7k298.jpg "title=" 8.30. PNG "alt=" Wkiol1t601er7epyaay3bcd4h7k298.jpg "/>

Figure 8.20

This article is from the "Network" blog, be sure to keep this source http://zznetwork.blog.51cto.com/9398550/1618290

Firewall configuration Ten tasks eight, LAN-based failover configuration

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More