双机热备实验

一：配置ip

　　PC1：ip和网关

　　FW1、FW2：三个接口的ip

　　R1：接口ip和路由

二：配置防火墙的区域和安全策略

FW1和FW2配置一样:

[USG6000V1]firewall zone trust

[USG6000V1-zone-trust]add int g1/0/2

[USG6000V1-zone-trust]q

[USG6000V1]firewall zone untrust

[USG6000V1-zone-untrust]add int g1/0/0

[USG6000V1-zone-untrust]q

[USG6000V1]firewall zone dmz

[USG6000V1-zone-dmz]add int g1/0/1

[USG6000V1-zone-dmz]q

[USG6000V1]security-policy

[USG6000V1-policy-security]rule name tr2untr

[USG6000V1-policy-security-rule-tr2untr]source-zone trust

[USG6000V1-policy-security-rule-tr2untr]destination-zone untrust

[USG6000V1-policy-security-rule-tr2untr]action permit

[USG6000V1-policy-security-rule-tr2untr]q

[USG6000V1-policy-security]rule name local2dmz

[USG6000V1-policy-security-rule-local2dmz]source-zone local

[USG6000V1-policy-security-rule-local2dmz]destination-zone dmz

[USG6000V1-policy-security-rule-local2dmz]action permit

[USG6000V1-policy-security-rule-local2dmz]q

三：配置VRRP备份组

FW1：

[USG6000V1]int g1/0/2

[USG6000V1-GigabitEthernet1/0/2]vrrp vrid 1 virtual-ip 192.168.1.100 active

[USG6000V1-GigabitEthernet1/0/2]q

[USG6000V1]int g1/0/0

[USG6000V1-GigabitEthernet1/0/0]vrrp vrid 2 virtual-ip 10.1.1.100 active

FW2：

[USG6000V1]int g1/0/2

[USG6000V1-GigabitEthernet1/0/2]vrrp vrid 1 virtual-ip 192.168.1.100 standby

[USG6000V1-GigabitEthernet1/0/2]q

[USG6000V1]int g1/0/0

[USG6000V1-GigabitEthernet1/0/0]vrrp vrid 2 virtual-ip 10.1.1.100 standby

四：配置心跳接口

FW1：

[USG6000V1]hrp int g1/0/1 remote 172.16.1.2

FW2：

[USG6000V1]hrp int g1/0/1 remote 172.16.1.1

五：开启双击热备

FW1：

[USG6000V1]hrp enable

FW2：

[USG6000V1]hrp enable

六：验证

FW1：

HRP_M[USG6000V1]dis hrp state

 Role: active, peer: standby

 Running priority: 45000, peer: 45000

 Core state: normal, peer: normal

 Backup channel usage: 0.00%

 Stable time: 0 days, 0 hours, 4 minutes

 Last state change information: 2018-11-10 8:38:01 HRP core state changed, old_s

tate = abnormal(standby), new_state = normal, local_priority = 45000, peer_prior

ity = 45000.

FW2：

HRP_S[USG6000V1]dis hrp state

 Role: standby, peer: active

 Running priority: 45000, peer: 45000

 Core state: normal, peer: normal

 Backup channel usage: 0.00%

 Stable time: 0 days, 0 hours, 5 minutes

 Last state change information: 2018-11-10 8:38:01 HRP link changes to up.