
Differences between the two-node cluster hot backup of USG2000 V1R5 and that of earlier versions

Publication Date:  2012-09-22  |   Views:  173  |   Downloads:  0  |   Author:  SU1000722575  |   Document ID:  EKB1000015697


Issue Description

The two-node cluster hot backup feature in USG2000 V1R5 uses new code, so it differs in some respects from V1R3.

Alarm Information


Handling Process

When two-node cluster hot backup in V1R5 works together with NAT outbound, the port ranges of the primary and secondary firewalls must be differentiated. The command is hrp nat ports-segment { primary | secondary }; it specifies that the NAT address pools configured on the primary and secondary firewalls can use the port ranges 2000~33767 and 33768~65535. In a two-node cluster hot backup deployment where both USGs need a NAT address pool, whether the USGs work in active/standby backup mode or load balancing mode, one must be configured with hrp nat ports-segment primary and the other with hrp nat ports-segment secondary to avoid port collisions in the NAT address pool.
Earlier versions did not need this command; it was only necessary to bind the external network VID interface. Why does the new version need it?
If the port numbers are not split, there is a chance that the primary and secondary firewalls allocate the same port numbers after NAT address pool translation. This leads to collisions and packet loss. The early version has the same problem, but the probability is small and it was not dealt with.
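
An added illustration, not taken from the original article or from Huawei: a simplified Python model of two firewalls translating onto the same public address, counting the ports that both hand out at the same time. It assumes random port selection, that the first range quoted above belongs to primary, and that an unsegmented pool spans 2000~65535.

```python
import random

# Port ranges quoted on the page. Mapping the first range to "primary" and
# treating 2000-65535 as the unsegmented pool are assumptions of this model.
SEGMENTS = {
    "primary": range(2000, 33768),
    "secondary": range(33768, 65536),
    None: range(2000, 65536),  # hrp nat ports-segment not configured
}


def allocate(segment, flows, rng):
    """Ports one firewall picks for `flows` sessions on a shared public IP.

    Random choice without reuse is an assumed allocator, not the device's own.
    """
    return set(rng.sample(SEGMENTS[segment], flows))


def colliding_ports(seg_a, seg_b, flows=2000, seed=1):
    """Count public ports that both firewalls handed out at the same time."""
    rng = random.Random(seed)
    ports_a = allocate(seg_a, flows, rng)
    ports_b = allocate(seg_b, flows, rng)
    return len(ports_a & ports_b)


if __name__ == "__main__":
    cases = [
        (None, None),              # neither device segmented
        ("primary", "primary"),    # both devices given the same segment
        ("primary", "secondary"),  # complementary segments, as the page requires
    ]
    for seg_a, seg_b in cases:
        hits = colliding_ports(seg_a, seg_b)
        print(f"{seg_a!s:>9} / {seg_b!s:<9} -> {hits} colliding ports")
```

Only the complementary primary/secondary pairing gives zero shared ports in this model; configuring the same segment on both devices halves the pool and makes collisions more likely than leaving it unsegmented.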
The implementation of V1R5 is different from that of R3. A configuration that uses vrrp and hrp at the same time is the same as in R3; otherwise, V1R5 can also support using the vrrp mode by itself.

Root Cause



The USG9100 series has implemented the function of segmenting port numbers for NAT cooperation.