Concepts of configuring active and standby firewalls

On a load balancing network, to enable both devices to work in master state, consider the following issues: How to back up information between the devices? Which commands need to be backed up? Which is the backup direction?

To avoid errors during the backup, the USG introduces the concept of designated active and standby devices. The firewall that sends backup configurations is called the designated active device (whose system name starts with "HRP_M"), and the firewall that receives backup configurations is called the designated standby device (whose system name starts with "HRP_S"). A firewall must meet the following requirements to become the designated active device:

In the VRRP group, only the firewalls in master state have the chance to be the designated master device.
In load balancing mode, the two hot standby USGs are both master devices. In this case, the designated master device is selected according to the priorities of the VRRP groups and the descending order of the real IP addresses of the heartbeat interfaces.
The switchover between designated active and standby devices is not implemented unless a fault occurs on the designated active device or the designated active device quits the VRRP group for the stability of the designated active device.

Scroll to top