Configuring hot standby in load balancing mode on the USG2000

2

Search for "Connecting to the Internet through multi-ISPs (hot standby)" in the USG2000/5000 product documentation.

Other related questions:
Configuring hot standby in load balancing mode on the USG6000
Search for "Connecting to the Internet through multi-ISPs (hot standby)" in the USG6000 product documentation.

Whether the IPSec feature of the USG5000 supports hot standby in load balancing mode
The IPSec feature does not support load balancing on USGV300R001 and starts to support load balancing since NGFWC10.

Concepts of configuring active and standby firewalls
On a load balancing network, to enable both devices to work in master state, consider the following issues: How to back up information between the devices? Which commands need to be backed up? Which is the backup direction? To avoid errors during the backup, the USG introduces the concept of designated active and standby devices. The firewall that sends backup configurations is called the designated active device (whose system name starts with "HRP_M"), and the firewall that receives backup configurations is called the designated standby device (whose system name starts with "HRP_S"). A firewall must meet the following requirements to become the designated active device: In the VRRP group, only the firewalls in master state have the chance to be the designated master device. In load balancing mode, the two hot standby USGs are both master devices. In this case, the designated master device is selected according to the priorities of the VRRP groups and the descending order of the real IP addresses of the heartbeat interfaces. The switchover between designated active and standby devices is not implemented unless a fault occurs on the designated active device or the designated active device quits the VRRP group for the stability of the designated active device.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top