During firewall hot standby configuration, a subinterface is configured
on the active firewall and the subinterface is added to the Trust zone. The
subinterface is configured on the standby firewall, but the standby firewall
does not add the subinterface to the Trust zone.
Step 1: Check the hot standby configuration. The automatic backup
function is enabled.
Step 2: Check the logs of the active and standby firewalls and confirm the
configuration procedure of the administrator.
1. On the active firewall, create subinterface GigabitEthernet1/0/2.5.
2. On the active firewall, add subinterface GigabitEthernet1/0/2.5 to the Trust
3. On the standby firewall, create subinterface GigabitEthernet1/0/2.5.
The firewall can automatically back up zone configurations, but cannot
automatically back up interface configurations. When a subinterface is added to
a zone on the active firewall according to the configuration sequence of the
administrator, no subinterface is created on the standby firewall. As the
standby firewall cannot add a nonexistent subinterface to a zone, the command
Step 3: Delete the subinterface from the Trust zone of the active firewall and
add the subinterface again.
Automatic configuration backup is disabled.
The backup mechanism in hot standby deployment prevents configuration
commands from being backed up.
The firewall cannot automatically back up interface configuration
commands, and such commands must be separately configured on the two firewalls.
To use the automatic backup function of configuration commands, pay attention
to the configuration sequence.