Juniper SSG 550M ha configuration document

Master firewall configuration

unset interface e4 IP addresses e4 IP address deletion

Set interface e4 zone Ha binds E4 and ha regions together

Ssg550-> set NSRP Cluster ID 1 sets cluster group number

SSG550 (M)-> set NSRP VSD ID 0 Sets the group number of the VSD, which can be used without input because the value of the default virtual security database (VSD) for the NetScreen firewall is 0.

SSG550 (M)-> set NSRP Vsd-group ID 0 Priority 50 sets the priority value of the NSRP primary device, the smaller the priority value, the higher the priority.

SSG550 (M)-> set NSRP RTO syn Set configuration sync

SSG550 (M)-> set NSRP vsd-group ID 0 Monitor interface ethernet3 set Firewall monitor port, assuming port 3 failure or connected switch fails, the firewall's working status will switch to backup firewall 。

SSG550 (M)-> set NSRP vsd-group ID 0 Monitor interface ethernet1 set Firewall monitor port, assuming port 1 failure or connected switch fails, the firewall's working status will switch to backup firewall 。

Note: If there is no monitoring port 2, port 2 fails or the connection network fails, the firewall work status switch will not be activated

Get NSRP View redundancy status

SSG550 (M)-> set NSRP vsd-group hb-interval 200 setting heartbeat information sends greetings every 200 seconds

SSG550 (M)-> set NSRP vsd-group hb-threshold 3 set Heartbeat information send 3 greeting messages in total

SSG550 (M)-> Save

Backup firewall configuration

unset All restore Factory status

Reset Reset Restart N-y

Set interface e4 zone ha binds Port 4 with the HA area

(Note that the weight setting is different and the rest of the configuration is the same as the primary configuration)

Ssg550-> set NSRP Cluster ID 1 sets cluster group number

SSG550 (B)-> set NSRP VSD ID 0 Sets the group number of the VSD, which can be used without input because the value of the default virtual security database (VSD) for the NetScreen firewall is 0.

SSG550 (B)-> set NSRP Vsd-group ID 0 Priority 100 sets the priority value of the NSRP primary device, the smaller the priority value, the higher the priority.

SSG550 (B)-> set NSRP RTO syn Set configuration sync

SSG550 (B)-> set NSRP vsd-group ID 0 Monitor interface ethernet3 set firewall monitoring port, assuming that port 3 fails or the connected switch fails, the firewall's working status will switch to the backup firewall 。

SSG550 (B)-> set NSRP vsd-group ID 0 Monitor interface ethernet1 set firewall monitoring port, assuming that port 1 fails or the connected switch fails, the firewall's working status will switch to the backup firewall 。

SSG550 (B)-> set NSRP vsd-group hb-interval 200 Set the heartbeat message will send a greeting message every 200 seconds

SSG550 (B)-> set NSRP vsd-group hb-threshold 3 set Heartbeat information send 3 greeting messages in total

SSG550 (B)-> Save

Synchronizing configurations on a standby

ns204 (B)-> exec nsrp sync global-config check-sum (the configuration of two devices is checked and, if different, the backup device will import the configuration on the main device into the backup host after reboot)

ns204 (B)-> exec nsrp sync global-config Save (if different, the backup device will import the configuration on the main device to the backup host after reboot)

This article from the "Operation and maintenance work Struggle" blog, please be sure to retain this source http://yanghuawu.blog.51cto.com/2638960/719158