Configuration guidelines, N in, Figure 6 – H3C Technologies H3C SecPath F1000-E User Manual
Figure 6 Configure stateful failover
Step 2
Configure Device B.
Except for the Main Device for Configuration Synchronization and Auto Synchronization settings, which are not needed on Device B, the settings on Device B are the same as those on Device A and are therefore omitted.
Configuration Guidelines
1. You also need to configure VRRP or a dynamic routing protocol on the failover devices and the uplink/downlink devices to ensure that traffic can automatically switch to the other device if one device fails.
2. To back up portal-related information, you need to configure portal to support stateful failover in addition to the configurations described in this chapter. For more information, see Portal Configuration in the Security Volume of the Operation Manual.
3. Use a network cable or optical fiber to directly connect the failover interfaces. No intermediary device (such as a router, a switch, or a hub) is allowed between the interfaces.
4. The same numbered interfaces must exist on the two devices. Otherwise, data backup fails. For example, if Device A uses GigabitEthernet 0/1 and GigabitEthernet 0/3 to forward data, Device B must also have GigabitEthernet 0/1 and GigabitEthernet 0/3, and vice versa.
5. Do not configure other functions or parameters on a failover interface.
6. To run NAT on two failover devices, you need to configure the same two NAT address pools on each device, but the higher-priority address pool on one device must be different from the higher-priority address pool on the other; otherwise, a conflict may occur during stateful failover. For example, you can configure two NAT address pools, 100.0.0.1 through 100.0.0.5 (Pool 1) and 100.0.0.6 through 100.0.0.10 (Pool 2), on devices A and B. Pool 1 has a lower priority on Device A, while Pool 2 has a lower priority on Device B. For details, see NAT Configuration in the Firewall Web Configuration Manual.
7. While the active device synchronizes all configurations to the standby device, the redundant configurations (if any) on the standby device are not removed. This may result in a synchronization failure. To avoid this problem, it is recommended that you enable auto synchronization.
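Guidelines 4 and 6 can be checked before the pair goes into service. The following Python script is an added example, not part of the H3C manual: it compares two hand-written device inventories and reports missing same-numbered interfaces and NAT pools that are not identical or that share the same highest-priority pool. The dictionary layout and the names `check_failover_pair`, `DEVICE_A`, `DEVICE_B` and `DEVICE_B_BAD` are assumptions made for illustration; the devices do not export data in this form.

```python
import ipaddress

def pool(start, end):
    """Normalise an inclusive IPv4 range to a comparable (low, high) pair."""
    lo, hi = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if lo > hi:
        raise ValueError(f"reversed NAT pool range {start}-{end}")
    return (lo, hi)

def check_failover_pair(dev_a, dev_b):
    """Return guideline violations for a pair; an empty list means none found.

    Each device is a dict (hypothetical format, filled in by hand):
      "interfaces": names of the data-forwarding interfaces
      "nat_pools":  (start, end) ranges, highest priority first
    """
    problems = []
    # Guideline 4: every forwarding interface must exist on the peer too.
    if_a, if_b = set(dev_a["interfaces"]), set(dev_b["interfaces"])
    for name in sorted(if_a ^ if_b):
        owner = "A" if name in if_a else "B"
        problems.append(f"{name} exists only on Device {owner}")
    # Guideline 6: both devices carry the same pools ...
    pools_a = [pool(*r) for r in dev_a["nat_pools"]]
    pools_b = [pool(*r) for r in dev_b["nat_pools"]]
    if set(pools_a) != set(pools_b):
        problems.append("NAT address pools are not identical on both devices")
    # ... but the highest-priority pool must differ between them.
    elif pools_a and pools_a[0] == pools_b[0]:
        problems.append("both devices prefer the same NAT address pool")
    return problems

# Constructed sample data using the interface names and pools from the text.
POOL1, POOL2 = ("100.0.0.1", "100.0.0.5"), ("100.0.0.6", "100.0.0.10")
DEVICE_A = {"interfaces": ["GigabitEthernet 0/1", "GigabitEthernet 0/3"],
            "nat_pools": [POOL2, POOL1]}   # Pool 1 has the lower priority
DEVICE_B = {"interfaces": ["GigabitEthernet 0/1", "GigabitEthernet 0/3"],
            "nat_pools": [POOL1, POOL2]}   # Pool 2 has the lower priority
# Constructed misconfiguration: missing interface, same pool order as Device A.
DEVICE_B_BAD = {"interfaces": ["GigabitEthernet 0/1"],
                "nat_pools": [POOL2, POOL1]}

if __name__ == "__main__":
    for label, peer in (("good", DEVICE_B), ("bad", DEVICE_B_BAD)):
        print(label, check_failover_pair(DEVICE_A, peer) or "no violations found")
```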