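<Under construction...>
Work overview
- Firewall redundancy
Configuration items
- NSRP
Applying the configuration
Common FW #1
!--- Configure ethernet4 for NSRP
CMNFW01-> set interface "ethernet4" zone "HA"
!--- NSRP configuration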
CMNFW01-> set nsrp cluster id 1
CMNFW01(B)-> set nsrp vsd-group id 0 priority 100
CMNFW01(B)-> set nsrp vsd-group id 0 preempt
CMNFW01(B)-> set nsrp secondary-path ethernet2
CMNFW01(B)-> set nsrp vsd-group id 0 monitor interface ethernet1
CMNFW01(B)-> set nsrp vsd-group id 0 monitor interface ethernet2
CMNFW01(B)-> set nsrp vsd-group id 0 monitor interface ethernet3
CMNFW01(B)-> set nsrp ha-link probe
CMNFW01(B)-> Unit becomes master of NSRP vsd-group 0 # A message is displayed as the prompt changes from Backup to Master
CMNFW01(M)->
Common FW #2
!--- Configure ethernet4 for NSRP
CMNFW02-> set interface "ethernet4" zone "HA"
!--- NSRP configuration
CMNFW02-> set nsrp cluster id 1
CMNFW02(B)-> set nsrp vsd-group id 0 priority 110
CMNFW02(B)-> set nsrp secondary-path ethernet2
CMNFW02(B)-> set nsrp vsd-group id 0 monitor interface ethernet1
CMNFW02(B)-> set nsrp vsd-group id 0 monitor interface ethernet2
CMNFW02(B)-> set nsrp vsd-group id 0 monitor interface ethernet3
CMNFW02(B)-> set nsrp ha-link probe
Configuration verification
Config (Common FW #1)
Config (Common FW #2)
Interface information (Common FW #1)
CMNFW01(M)-> get interface
A - Active, I - Inactive, U - Up, D - Down, R - Ready
Interfaces in vsys Root:
Name IP Address Zone MAC VLAN State VSD
eth1 192.168.1.1/24 Trust 0010.dbff.2000 - U 0
eth2 0.0.0.0/0 DMZ 0010.dbff.2050 - U 0
eth3 10.4.0.251/24 Untrust 0010.dbff.2060 - U 0
eth4 0.0.0.0/0 HA 0010.db79.e977 - U -
vlan1 0.0.0.0/0 VLAN 0010.dbff.20f0 1 D 0
null 0.0.0.0/0 Null N/A - U 0
Interface information (Common FW #2)
CMNFW02(B)-> get interface
A - Active, I - Inactive, U - Up, D - Down, R - Ready
Interfaces in vsys Root:
Name IP Address Zone MAC VLAN State VSD
eth1 192.168.1.1/24 Trust 0010.dbff.2000 - I 0
eth2 0.0.0.0/0 DMZ 0010.dbff.2050 - I 0
eth3 10.4.0.251/24 Untrust 0010.dbff.2060 - I 0
eth4 0.0.0.0/0 HA 0010.db6f.a1f7 - U -
vlan1 0.0.0.0/0 VLAN 0010.dbff.20f0 1 D 0
null 0.0.0.0/0 Null N/A - U 0
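The following Python script is an added example, not part of the original procedure: it parses the two "get interface" tables above and reports whether the pair looks like one master and one backup with the HA link up on both. The sample rows are copied from this page; the function names and the mapping of eth1-eth3 to the monitored ethernet1-3 are assumptions.

```python
import re

# Constructed sample input: rows copied from the two "get interface" tables on this page.
FW1 = """\
Name IP Address Zone MAC VLAN State VSD
eth1 192.168.1.1/24 Trust 0010.dbff.2000 - U 0
eth2 0.0.0.0/0 DMZ 0010.dbff.2050 - U 0
eth3 10.4.0.251/24 Untrust 0010.dbff.2060 - U 0
eth4 0.0.0.0/0 HA 0010.db79.e977 - U -
"""
FW2 = """\
Name IP Address Zone MAC VLAN State VSD
eth1 192.168.1.1/24 Trust 0010.dbff.2000 - I 0
eth2 0.0.0.0/0 DMZ 0010.dbff.2050 - I 0
eth3 10.4.0.251/24 Untrust 0010.dbff.2060 - I 0
eth4 0.0.0.0/0 HA 0010.db6f.a1f7 - U -
"""
MONITORED = ("eth1", "eth2", "eth3")  # assumption: eth1-3 are the monitored ethernet1-3
# name, IP (ignored), zone, MAC, VLAN (ignored), one-letter state, VSD
ROW = re.compile(r"^(\S+) +\S+ +(\S+) +(\S+) +\S+ +([AIUDR]) +(\S+)$")

def parse(text):
    """Map interface name -> zone, MAC, state and VSD; header/legend lines are skipped."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            name, zone, mac, state, vsd = m.groups()
            rows[name] = {"zone": zone, "mac": mac, "state": state, "vsd": vsd}
    return rows

def check_pair(text_a, text_b):
    """Return findings for an NSRP pair; an empty list means one master, one backup."""
    a, b = parse(text_a), parse(text_b)
    findings, forwarding = [], 0
    for unit, rows in (("unit A", a), ("unit B", b)):
        if not any(r["zone"] == "HA" and r["state"] == "U" for r in rows.values()):
            findings.append(f"{unit}: no HA-zone interface is up")
        if all(rows.get(i, {}).get("state") == "U" for i in MONITORED):
            forwarding += 1
    if forwarding == 2:
        findings.append("both units have VSD 0 interfaces up (possible split-brain)")
    elif forwarding == 0:
        findings.append("neither unit has all monitored interfaces up")
    for i in MONITORED:
        if i in a and i in b and a[i]["mac"] != b[i]["mac"]:
            findings.append(f"{i}: MAC differs between units")
    return findings

if __name__ == "__main__":
    print(check_pair(FW1, FW2) or "OK: one master, one backup, HA link up on both")
```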
Connectivity check
<Under construction...>