ESR series service routers.ESR-Series. User manual
master(config)# interface gigabitethernet 1/0/1
master(config-if-gi)# vrrp id 1
master(config-if-gi)# vrrp ip 192.0.2.1/24
master(config-if-gi)# vrrp priority 20
master(config-if-gi)# vrrp group 1
master(config-if-gi)# vrrp preempt delay 60
master(config-if-gi)# vrrp
master(config-if-gi)# exit
master(config)# interface gigabitethernet 1/0/3
master(config-if-gi)# vrrp id 3
master(config-if-gi)# vrrp ip 198.51.100.1/24
master(config-if-gi)# vrrp priority 20
master(config-if-gi)# vrrp group 1
master(config-if-gi)# vrrp preempt delay 60
master(config-if-gi)# vrrp
master(config-if-gi)# exit
Configure firewall failover.
Select the unicast session reservation mode:
master(config)# ip firewall failover sync-type unicast
Select the IP addresses of the network interface from which messages will be sent when the Firewall is
running in session reservation mode:
master(config)# ip firewall failover source-address 203.0.113.1
Configure the neighbor's IP addresses when reserving Firewall sessions in unicast mode:
master(config)# ip firewall failover destination-address 203.0.113.2
Configure the UDP port number of the Firewall session reservation service:
master(config)# ip firewall failover port 3333
Enable Firewall session reservations:
master(config)# ip firewall failover
To configure security zone rules, create a profile for the firewall failover port:
master(config)# object-group service failover
master(config-object-group-service)# port-range 3333
master(config-object-group-service)# exit
To ensure that the VRRP processes states on a router are synchronized (master, backup), as well as
to synchronize their sessions using firewall failover, it is necessary to configure them to belong to
the same VRRP group.
To Next Page
Loading...