No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

HUAWEI Firewall Comprehensive Configuration Examples

This document describes the application scenarios and configuration methods in typical projects of the firewall.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Typical Networking

Typical Networking

Networking diagram

As shown in Figure 6-2,the FWs are deployed at the uplink and download sides of the SCG respectively, and the service interfaces of the FWs work at Layer 3. The FW at the uplink side connects to the GGSN via a switch, and the FW at the downlink side connects to the Internet via a router.

Service traffic, such as mobile phone traffic, at the GGSN side reaches the SCG through FW_A and then is forwarded by FW_C to the Internet. OSPF is enabled on the upstream interface of the FW, and VRRP is enabled on the downstream interface of the FW.

Hot standby in active/standby mode is carried out between FW_A and FW_B and between FW_C and FW_D. When services at the uplink side are operating properly, the traffic that enters the SCG is forwarded by FW_A. If FW_A fails, the traffic is forwarded by FW_B. When services at the downlink side are operating properly, the traffic that leaves the SCG is forwarded by FW_C. If FW_C fails, the traffic is forwarded by FW_D. In this way, service continuity at both sides of the SCG is ensured.

NOTE:

Root systems and virtual systems are designed for the FWs. The root systems of the FWs are configured as the FWs at the uplink side and carry out hot standby. The virtual systems of the FWs are configured as the FWs at downlink side and carry out hot standby.

In this scenario, Only hot standby in active/standby mode is supported.

Figure 6-2  Application of the FWs in the SCG networking

Reliability Analysis

Figure 6-3 shows the active/standby switchovers when FW_A in the active state and its link become faulty and recover. The active/standby switchover processes are as follows:

  • Switchover in case of a fault

    When FW_A and its link fail, FW_B becomes the active firewall, and the route is switched to FW_B.

  • Switchover in case of fault recovery

    After FW_A and its link recover, FW_A preempts to be the active firewall, the route and traffic are switched back to FW_A.

Figure 6-3  Switchover in case of a fault at the uplink side

Figure 6-4 shows the active/standby switchovers when FW_C in the active state and its link become faulty and recover. The active/standby switchover processes are as follows:

  • Switchover in case of a fault

    When FW_C and its connected link fail, FW_D becomes the active firewall, and the route is switched to FW_D.

  • Switchover in case of fault recovery

    After FW_C and its link recover, FW_C preempts to be the active firewall, the route and traffic are switched back to FW_C.

Figure 6-4  Switchover in case of a fault at the downlink side

Translation
Download
Updated: 2019-01-26

Document ID: EDOC1100062972

Views: 16783

Downloads: 721

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next