SecPath防火墙双机热备典型配置VIP

图3）命令行配置：f1000E01:#version5.20,Feature3101#sysnamefw01#undovoicevlanmac-address00e0-bb00-0000#domaindefaultenablesystem#vlan1#domainsystemaccess-limitdisablestateactiveidle-cutdisableself-service-urldisable#user-groupsystem#local-userh3cpasswordcipherG`M^B<SDBB[Q=^Q`MAF4<1!!authorization-attributelevel3service-typetelnet#interfaceAux0asyncmodeflowlink-protocolppp#interfaceNULL0#interfaceGigabitEthernet0/0portlink-moderouteipaddress1#interfaceGigabitEthernet0/2portlink-moderouteipaddress1vrrpvrid11virtual-ipvrrpvrid11priority105vrrpvrid11trackinterfaceGigabitEthernet0/3#interfaceGigabitEthernet0/3portlink-moderouteipaddress1vrrpvrid122virtual-ip#interfaceGigabitEthernet1/1portlink-moderoute#interfaceGigabitEthernet1/2portlink-moderoute#interfaceGigabitEthernet1/3portlink-moderoute#interfaceGigabitEthernet1/4portlink-moderoute#interfaceGigabitEthernet1/5portlink-moderoute#interfaceGigabitEthernet1/6portlink-moderoute#interfaceGigabitEthernet1/7portlink-moderoute#iproute-static54#arptimeraging1440#loadxml-configuration#user-interfacecon0idle-timeout00user-interfaceaux0user-interfacevty04F1000e02:#version5.20,Feature3101#sysnamefw02#undovoicevlanmac-address00e0-bb00-0000#domaindefaultenablesystem#vlan1#domainsystemaccess-limitdisablestateactiveidle-cutdisableself-service-urldisable#user-groupsystem#local-userh3cpasswordcipherG`M^B<SDBB[Q=^Q`MAF4<1!!authorization-attributelevel3service-typetelnet#interfaceAux0asyncmodeflowlink-protocolppp#interfaceNULL0#interfaceGigabitEthernet0/0portlink-moderouteipaddress2#interfaceGigabitEthernet0/2portlink-moderouteipaddress2vrrpvrid11virtual-ip#interfaceGigabitEthernet0/3portlink-moderouteipaddress2vrrpvrid122virtual-ipvrrpvrid122priority105vrrpvrid122trackinterfaceGigabitEthernet0/2#interfaceGigabitEthernet1/1portlink-moderoute#interfaceGigabitEthernet1/2portlink-moderoute#interfaceGigabitEthernet1/3portlink-moderoute#interfaceGigabitEthernet1/4portlink-moderoute#interfaceGigabitEthernet1/5portlink-moderoute#interfaceGigabitEthernet1/6portlink-moderoute#interfaceGigabitEthernet1/7portlink-moderoute#iproute-static54#loadxml-configuration#user-interfacecon0idle-timeout00user-interfaceaux0user-interfacevty04数据流向：WEB配置：验证结果pc1从serverhttp/ftp、方式get文件，连接不中断；VRRP状态：<fw01>disvrrpIPv4StandbyInformation:RunMethod:VIRTUAL-MACTotalnumberofvirtualrouters:2InterfaceVRIDStateRunAdver.AuthVirtualPriTimeTypeIPGE0/211Master1051NONEGE0/3122Backup1001NONE[fw02-GigabitEthernet0/3]disvrrpIPv4StandbyInformation:RunMethod:VIRTUAL-MACTotalnumberofvirtualrouters:2InterfaceVRIDStateRunAdver.AuthVirtualPriTimeTypeIPGE0/211Backup1001NONEGE0/3122Master1051NONE注意事项本配置完成，清除防火墙中所做的配置，以防对其他配置产生影响。路由模式＋负载分担模式＋支持非对称路径功能简述（F1000E为例）通过Vlan虚接口实现三层转发。典型配置步骤（组网4）命令行配置：#F1000E-1:#version5.20,Feature3101#sysnamefw01#undovoicevlanmac-address00e0-bb00-0000#nataddress-group154level1nataddress-group254level1#domaindefaultenablesystem#aclnumber3000rule0permitipsource0aclnumber3001rule0permitipsource0#vlan1#domainsystemaccess-limitdisablestateactiveidle-cutdisableself-service-urldisable#user-groupsystem#local-userh3cpasswordcipherG`M^B<SDBB[Q=^Q`MAF4<1!!authorization-attributelevel3service-typetelnet#interfaceAux0asyncmodeflowlink-protocolppp#interfaceNULL0#interfaceGigabitEthernet0/0portlink-moderouteipaddress1#interfaceGigabitEthernet0/2portlink-moderouteipaddress1vrrpvrid11virtual-ipvrrpvrid11priority105vrrpvrid11trackinterfaceGigabitEthernet0/3vrrpvrid111virtual-ip#interfaceGigabitEthernet0/3portlink-moderoutenatoutbound3001address-group2trackvrrp12natoutbound3000address-group1trackvrrp122ipaddress1vrrpvrid12virtual-ipvrrpvrid12priority105vrrpvrid12trackinterfaceGigabitEthernet0/2vrrpvrid122virtual-ip#interfaceGigabitEthernet1/1portlink-moderoute#interfaceGigabitEthernet1/2portlink-moderoute#interfaceGigabitEthernet1/3portlink-moderoute#interfaceGigabitEthernet1/4portlink-moderoute#interfaceGigabitEthernet1/5portlink-moderoute#interfaceGigabitEthernet1/6portlink-moderoute#interfaceGigabitEthernet1/7portlink-moderoute#iproute-static54#arptimeraging1440#loadxml-configuration#user-interfacecon0idle-timeout00user-interfaceaux0user-interfacevty04#returnF1000E-2:#version5.20,Feature3101#sysnamefw02#undovoicevlanmac-address00e0-bb00-0000#ikesanat-keepalive-timerinterval0#nataddress-group154level1nataddress-group254level1#domaindefaultenablesystem#aclnumber3000rule0permitipsource0aclnumber3001rule0permitipsource0#vlan1#domainsystemaccess-limitdisablestateactiveidle-cutdisableself-service-urldisable#user-groupsystem#local-userh3cpasswordcipherG`M^B<SDBB[Q=^Q`MAF4<1!!authorization-attributelevel3service-typetelnet#interfaceAux0asyncmodeflowlink-protocolppp#interfaceNULL0#interfaceGigabitEthernet0/0portlink-moderouteipaddress2#interfaceGigabitEthernet0/2portlink-moderouteshutdownipaddress2vrrpvrid11virtual-ipvrrpvrid111virtual-ipvrrpvrid111priority105vrrpvrid111trackinterfaceGigabitEthernet0/3#interfaceGigabitEthernet0/3portlink-moderoutenatoutbound3001address-group2trackvrrp12natoutbound3000address-group1trackvrrp122ipaddress2vrrpvrid12virtual-ipvrrpvrid122virtual-ipvrrpvrid122priority105vrrpvrid122trackinterfaceGigabitEthernet0/2#interfaceGigabitEthernet1/1portlink-moderoute#interfaceGigabitEthernet1/2portlink-moderoute#in