No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

HUAWEI Firewall Comprehensive Configuration Examples

This document describes the application scenarios and configuration methods in typical projects of the firewall.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
OSPF (Load Balancing)

OSPF (Load Balancing)

Networking Diagram

As shown in Figure 7-6, the service interfaces of both firewalls work at Layer 3 and connect to both the backbone and GGSN/P-GW through routers. OSPF runs between the firewall and router.

The two firewalls work in active/standby mode. Normally, traffic is forwarded by FW_A. When FW_A fails, traffic is forwarded by FW_B. This ensures that the services are not interrupted.

Figure 7-6  OSPF (load sharing) networking

The two firewalls are expected to work in load balancing mode. Normally, FW_A and FW_B forward traffic together. When one firewall fails, the other firewall forwards all traffic. The services are not interrupted.

Failover

  • When FW_A fails, the OSPF route is switched to FW_B through hot standby so that the traffic is switched over.

  • When FW_B fails, the OSPF route is switched to FW_A through hot standby so that the traffic is switched over.

Configuration Difference

Item

FW_A

FW_B

Hot standby

hrp enable

hrp interface Eth-Trunk0 remote 192.168.3.2

hrp mirror session enable

hrp preempt delay 120

hrp adjust ospf-cost enable

hrp track interface Eth-Trunk1

hrp track interface Eth-Trunk2

hrp nat resource primary-group //Set the NAT port segment of the dual firewalls

hrp enable

hrp interface Eth-Trunk0 remote 192.168.3.1

hrp mirror session enable

hrp preempt delay 120

hrp adjust ospf-cost enable

hrp track interface Eth-Trunk1

hrp track interface Eth-Trunk2

hrp nat resource secondary-group //Set the NAT port segment of the dual firewalls

Translation
Download
Updated: 2019-01-26

Document ID: EDOC1100062972

Views: 19186

Downloads: 786

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next