Precaution of NAT configure as USG9300 takes two-node cluster hot backup

Publication Date:  2012-09-17 Views:  158 Downloads:  0
Issue Description
What should be noticed in NAT configure when USG9300 takes two-node cluster hot backup?
Alarm Information
Null
Handling Process
Null
Root Cause
Same precaution with middle and low-end firewall and something special.
Same Precaution:
1.If the two-node cluster hot backup NAT address pool is in the same network segment with the interface IP, It is necessary that binding NAT pool and VRRP team ID.
The reason is that, in this way, it will avoids the collision When upstream and downstream device request the ARP of NAT pool, Two USG9300 will respond ARP message.
2. If the two-node cluster hot backup NAT address pool is not in the same network segment with the interface IP, no special operation should be done.
Special Precaution:
In two-node cluster load balancing mode, to avoid the collision of NAT pool interface, the order “hrp nat ports-segment primary” should be configured in one USG9300,and the order “hrp nat ports-segment secondary” should be configured in another.
Suggestions
In two-node cluster load balancing mode, the order “hrp nat ports-segment primary” and “hrp nat ports-segment secondary” should be configured specially.

END