防火墙 FailoverVIP免费

防火墙Failover一、failover相关概念：1、failover线：又叫心跳线，是一条故障切换线，参与failover的防火墙通过这条线决定本身的状态。Failover线有2种：专用的cable线和LAN线2、statfulfailover线：即状态线，时刻传递状态信息由主到次，该线的带宽必须大于等于用户接口的带宽，状态有3种：专用以太口或共享LAN-base的failover线或共享用户接口(不建议）3、failover组网拓扑：有2种：基于专用cable和基于LAN二、试验拓扑：三、试验配置：FW5(config)#activation-key0x5236f5a70x97def6da0x732a91f50xf5deef57（添加UR许可，有UR许可才支持Failover）1、基于Lanbase的A/S模式FW5（活动设备）FW5(config)#failoverlinkbluefoxe3(指定Failover状态接口）FW5(config)#failoverinterfaceipbluefox192.168.6.5255.255.255.0standby192.168.6.6（配置状态接口的IP）FW5(config)#interfacee3（打开接口）FW5(config-if)#noshFW5(config-if)#exitFW5(config)#failoverlanenable（启用lanbase）FW5(config)#failoverlanunitprimary（指定该设备为主设备）FW5(config)#failoverlaninterfacebluefoxe3（指定Failover线（可与状态线共用））FW5(config)#failoverinterfaceipbluefox192.168.6.5255.255.255.0standby192.168.6.6（共用时可不配）FW5(config)#failoverFW5(config)#interfacee0FW5(config-if)#nameifoutsideFW5(config-if)#ipadd192.168.7.5255.255.255.0standby192.168.7.6FW5(config-if)#noshFW5(config-if)#exitFW5(config)#interfacee1FW5(config-if)#nameifinsideFW5(config-if)#ipadd192.168.5.5255.255.255.0standby192.168.5.6FW5(config-if)#noshFW5(config-if)#exitFW5(config)#interfacee2FW5(config-if)#nameifdmzFW5(config-if)#security-level50FW5(config-if)#ipadd192.168.8.5255.255.255.0standby192.168.8.6FW5(config-if)#noshFW5(config-if)#exitFW6（备份设备）FW6(config)#interfacee3FW6(config-if)#noshFW6(config-if)#exit（打开状态线）FW6(config)#failoverlanenable（启用lanbase）FW6(config)#failoverlanunitsecondary（指定该设备为辅助设备）FW6(config)#failoverlaninterfacebluefoxe3（指定Failover线）FW6(config)#failoverinterfaceipbluefox192.168.6.5255.255.255.0standby192.168.6.6FW6(config)#failover（启用Failover）测试与分析：FW5FW6FW5由以上各图知FW5为主、FW6为备份设备.在FW6上手动抢占FW6已成为主设备。FW6切换为辅助设备以下为各个设备的详细配置：FW5interfaceEthernet0nameifoutsidesecurity-level0ipaddress192.168.7.5255.255.255.0standby192.168.7.6interfaceEthernet1nameifinsidesecurity-level100ipaddress192.168.5.5255.255.255.0standby192.168.5.6interfaceEthernet2nameifdmzsecurity-level50ipaddress192.168.8.5255.255.255.0standby192.168.8.6interfaceEthernet3descriptionLAN/STATEFailoverInterfaceaccess-list100extendedpermitipanyanyfailoverfailoverlanunitprimaryfailoverlaninterfacebluefoxEthernet3failoverlanenablefailoverlinkbluefoxEthernet3failoverinterfaceipbluefox192.168.6.5255.255.255.0standby192.168.6.6access-group100ininterfaceoutsideaccess-group100ininterfacedmzrouteoutside0.0.0.00.0.0.0192.168.7.71routeinside192.168.10.0255.255.255.0192.168.5.1001routeinside192.168.20.0255.255.255.0192.168.5.1001routedmz192.168.30.0255.255.255.0192.168.8.41routedmz192.168.40.0255.255.255.0192.168.8.41SW1spanning-treevlan1priority0spanning-treevlan10priority0spanning-treevlan20priority0interfacePort-channel1switchportmodetrunkinterfaceFastEthernet1/1switchportaccessvlan5interfaceFastEthernet1/2switchportaccessvlan6interfaceFastEthernet1/3switchportmodetrunkchannel-group1modeoninterfaceFastEthernet1/4switchportmodetrunkchannel-group1modeoninterfaceFastEthernet1/5switchporttrunkallowedvlan1-4,7-1005switchportmodetrunkinter...