Method used to configure the interworking between hot standby devices and IP-Link on USG firewalls

When a USG firewall works in hot standby mode, IP-Link automatically detects a link failure that affects services of the active and standby firewalls. If the VGMP management group is configured to monitor IP-Link, the USG firewall can adjust the priority of the VGMP management group to trigger the active/standby USG firewall switchover, and therefore ensuring service continuity.
After the VGMP management group is configured to monitor IP-Link, IP-Link can detect the status of the interface or link that is not directly connected to the USG firewall.
Key configurations for the interworking between the hot standby devices and IP-Link on USG firewall are as follows:

# Add interfaces GigabitEthernet 0/0/2 and GigabitEthernet 0/0/1 to the same Link-group management group.
[USG_A] interface GigabitEthernet 0/0/2
[USG_A-GigabitEthernet0/0/2] link-group 1
[USG_A-GigabitEthernet0/0/2] quit
[USG_A] interface GigabitEthernet 0/0/1
[USG_A-GigabitEthernet0/0/1] link-group 1
[USG_A-GigabitEthernet0/0/1] quit

If the USG firewalls work in hot standby mode on the OSPF network, run the following command:
[USG] hrp ospf-cost adjust-enable

# In the interface view, configure the Master and Slave management groups to monitor the status of the interfaces.
[USG_A] interface GigabitEthernet 0/0/2
[USG_A-GigabitEthernet0/0/2] hrp track master
[USG_A-GigabitEthernet0/0/2] quit
[USG_A] interface GigabitEthernet 0/0/1
[USG_A-GigabitEthernet0/0/1] hrp track master
[USG_A-GigabitEthernet0/0/1] quit
# Configure IP-Link to monitor the outbound interface.
[USG_A] ip-link check enable
[USG_A] ip-link 1 destination 200.1.1.1 interface GigabitEthernet 0/0/1
# Configure the interworking between the hot standby firewalls and IP-Link, and set the VGMP management group to monitor IP-Link. When the outbound interface is faulty, IP-Link state is changed to Down, and the priority of the VGMP management group is degraded to 2.
[USG_A] hrp track ip-link 1 master
# Configure the HRP backup channel.
[USG_A] hrp interface GigabitEthernet 0/0/3
# Configure the fast session backup.
[USG_A] hrp mirror session enable
# Enable the HRP.
[USG_A] hrp enable

Note: The hot standby mode involves two devices. The key configuration describes IP-Link configuration only on the master device. For details about the configurations on the slave device and USG6000, click the following link to view the specific configurations.

For specific configurations, click Configuring the Interworking Between Hot Standby Devices and IP-Link on USG Firewalls.

Scroll to top