Shulou(Shulou.com)06/01 Report--

Firewall configuration Task 8

Configuration of LAN-based failover

Task topology figure 8.1

1. Configure the primary firewall as pix1 and the backup firewall as pix2

Figure 8.2

two。 Configure the outside interface of the main firewall and configure the backup interface as 192.168.1.2/24.inside interface IP and configure the backup interface as 10.10.10.2 prime 24.

Figure 8.3

3. Configure the inside,outside interface address for the standby firewall pix2 and the interface security level is the default.

Figure 8.4

4. Configure the host address in the inside zone to be 10.10.10.3/24.outside zone host address is 192.168.1.3 Universe 24. Each gateway is the inside,outside interface address.

Figure 8.5

5. Make an access control list on the main firewall named icmp to release all icmp traffic.

Figure 8.6

6. Configure a default route to the outside zone on the main firewall. The outbound interface is 192.168.1.1.

Figure 8.7

7. Configure NAT transform on the main firewall, inside transform all, and outside interface to do PNAT conversion.

Figure 8.8

8. Configure lan-based failover on the main firewall, use the e2 interface of the firewall as the heartbeat, name the xiaoming,IP address 172.16.1.1, and the standby address is 172.16.1.2, set the failover role of the firewall to primary, and enable it.

Figure 8.9

9. View the current Failover status of the primary firewall.

Figure 8.10

10. Configure LAN-based failover on the backup firewall (pix2).

Figure 8.11

11. View the Failover status of the backup firewall.

Figure 8.12

twelve。 Looking at the status of the failover again, the system displays the IP address of the secondary.

Figure 8.13

Looking at it on pix2, failover finds a partner, starts copying the configuration file, and copies it successfully.

Figure 8.14

13. View the current failover status of the backup firewall. Displays the normal. And the interface of the backup pre-fire system is automatically converted to pix1. The current character is displayed as This host:Secondary = standby Ready.

Figure 8.15

After the 14.failover configuration is successful, check the failover status on the pix1, which is displayed as primary--Active.

Figure 8.16

15. The internal host has been ping the external host, power off the main firewall, and check the failover status. The interface shows that the failover was successful.

Figure 8.17

16. Switch the backup firewall to the ACTIVE state. Shows that the switch was successful.

Figure 8.18

View the failover status of the current firewall on pix1.

Figure 8.19

17. The impact of multiple state switches on the firewall on the traffic passing through the firewall.

Figure 8.20

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.