Add to Favorites | Login | Register
Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

About us Contact us

Basic Features of PIX Firewall: failure handling Mechanism and redundancy-principles and experiments

2025-03-30 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Share

Shulou(Shulou.com)06/01 Report--

(1) terminology

(2) basic process

Step 1: the active unit copies all its configurations to the standby unit and commands are sent over the failure handling mechanism cable

Step 2: sends a dedicated Hello packet every 15 seconds

Step 3: the standby unit does not receive two consecutive Hello packets within a specified time

Step 4: transfer activity control to the standby unit, while the failure handling mechanism tests the interface through various tests

(3) experiment

Note: import the activation code on the PIX firewall before doing this lab

Here R2 is the Internet.

Step 1: R1 and R2 configuration (brief)

Step 2: FW1 configuration to access Internet

Step 3: FW1-Failover configuration

Step 4: FW2-Failover configuration

Step 1: R1 and R2 configuration (brief)

Step 2: FW1 configuration to access Internet

Interface configuration:

FW1 (config) # interface e0

FW1 (config-if) # no shutdown

FW1 (config-if) # ip add 192.168.1.254 255.255.255.0

FW1 (config-if) # nameif inside

FW1 (config-if) # security-level 100

FW1 (config) # interface E1

FW1 (config-if) # no shutdown

FW1 (config-if) # ip add 100.1.1.1 255.255.255.0

FW1 (config-if) # nameif outside

FW1 (config-if) # security-level 100

FW1 (config) # interface e2

FW1 (config-if) # no shutdown

FW1 (config-if) # ip add 10.1.12.1 255.255.255.0

FW1 (config) # interface E3

FW1 (config-if) # no shutdown

FW1 (config-if) # ip add 10.2.12.1 255.255.255.0

Default route, NAT configuration

FW1 (config) # route outside 00 100.1.1.2

FW1 (config) # access-list NAT permit ip any any

FW1 (config) # nat (inside) 1 access-list NAT

FW1 (config) # global (outside) 1 interface

Step 3: FW1-Failover configuration

FW1 (config) # failover / / enable failure handling

FW1 (config) # failover lan enable / / enable LAN-based failure handling

FW1 (config) # failover key cisco / / Certification of account failure handling function

FW1 (config) # failover lan unit primary / / set as the active unit

FW1 (config) # failover lan interface PZ Ethernet2 / / name the e2 interface PZ and define it as the configuration interface

FW1 (config) # failover lan link ZT Ethernet3 / / name the E3 interface ZT and define it as a stateful interface

FW1 (config) # failover interface ip PZ 10.1.12.1 255.255.255.0 standby 10.1.12.2 / / specify the primary and secondary configuration interfaces, and configure the IP address for the primary configuration interface

FW2 (config) # failover interface ip ZT 10.2.12.1 255.255.255.0 standby 10.2.12.2 / / specify the primary and secondary state interfaces

Step 4: FW2-Failover configuration

Basic interface configuration:

FW2 (config) # interface e0

FW2 (config) # no shudown

FW2 (config) # interface E1

FW2 (config) # no shutdown

FW2 (config) # interface e2

FW2 (config) # no shutdown

FW2 (config-if) # ip address 10.1.12.2 255.255.255.0

FW2 (config) # interface E3

FW2 (config) # no shutdown

FW2 (config) # ip address 10.2.12.2 255.255.255.0

Failover configuration:

FW1 (config) # failover / / enable failure handling

FW1 (config) # failover lan enable / / enable LAN-based failure handling

FW1 (config) # failover key cisco / / Certification of account failure handling function

FW1 (config) # failover lan unit secondary / / set as standby unit

FW1 (config) # failover lan interface PZ Ethernet2 / / name the e2 interface PZ and define it as the configuration interface

FW1 (config) # failover lan link ZT Ethernet3 / / name the E3 interface ZT and define it as a stateful interface

FW1 (config) # failover interface ip PZ 10.1.12.1 255.255.255.0 standby 10.1.12.2 / / specify primary and secondary configuration interfaces

FW2 (config) # failover interface ip ZT 10.2.12.1 255.255.255.0 standby 10.2.12.2 / / specify the primary and secondary state interfaces

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Tag Search: Configuration interface processing function unit status standby activity mechanism experiment grouping testing authentication fire protection two simultaneously command address time terminology vpn macOS Linux MariaDB MySQL Docker Shulou Information Shulou Technology Shulou Tech Info OPPO Reno Redmi Xiaomi NVidia Microsoft Huawei Apple Xiaomi Microsoft Shulou Information MySQL NVidia MariaDB Shulou Tech Info Huawei vpn Apple Linux Docker macOS OPPO Reno Redmi Shulou Technology Xiaomi Microsoft Shulou Information MySQL NVidia MariaDB Shulou Tech Info Huawei vpn Apple Linux Docker macOS OPPO Reno Redmi Shulou Technology

Share To

Related

Network Security

More Network Security >

Latest Network Security More Network Security >

Latest Internet Technology More Internet Technology >

Latest Development More Development >

Latest Database More Database >

Latest Servers More Servers >

Latest Mobile Phone More Mobile Phone >

Latest Android Software More Android Software >

Latest Apple Software More Apple Software >

Latest Computer Software News More Computer Software News >

Latest IT Information More IT Information >

Wechat

About us Contact us Product review car news thenatureplanet

© 2024 shulou.com SLNews company. All rights reserved.

12
Report