after config remote parameter, the dual-acitve problem happens

Publication Date:  2015-12-05 Views:  186 Downloads:  0
Issue Description

The statue of dual-system hot backup is normal at the beginning, but when changing the command of usg6300 ’hrp int g 0/0/8’to ‘hrp int g 0/0/8 remote x.x.x.x’, the dual-active problem happens.


Solution

(1)One thing must be noticed: before set the remote parameter, the packets between heartbeat interfaces are multicast packets, the USG will not check multicast packets; after set the remote parameter, the USG will encapsulate VRRP packets as UDP packets, for this, USG must bypass the traffic from FW1 to FW2.

(2)After checking the configuration, customer hasn’t bypass the traffic, then FW1 and FW2 couldn’t receive heartbeat packets from each other, then the dual-active problem happens. After bypass the traffic between local and dmz zone, this problem is solved.

END