Hot standby modes on the USG6000 series

1

Hot standby is in either active/standby or load balancing mode.

Other related questions:
Configuring hot standby in load balancing mode on the USG6000
Search for "Connecting to the Internet through multi-ISPs (hot standby)" in the USG6000 product documentation.

TSM interworking with USG6000s in hot standby in-path mode
This example describes the typical network and configuration method for TSM interworking in USG6000 hot standby in-path mode. The networking requirements of this example are as follows: A company deploys a TSM server group and NGFWs in hot standby mode. Requirements are as follows: ?wo TSM Controllers are deployed. If the NGFWs cannot interwork with both TSM Controllers, the NGFWs do not control terminal hosts. That is, all traffic from the terminal hosts is permitted. ?erminal hosts in the company network have the TSM proxy software installed. To authenticate guests, the NGFWs must be configured to authenticate end users on the web UI, who do not have the TSM proxy software installed. ?sers in different roles can access specific network resources. The account lee is used as an example. The user can access only the "service system," not resources in the post-authentication domain. ?f an end user passes identity authentication but fails security authentication, fixing measures must be taken in the isolation domain, such as patch download and virus database updates.

Hot standby modes on the USG9000 series
Hot standby is in either active/standby or load balancing mode.

TSM interworking with USG6000s in hot standby out-of-path mode
This example describes the typical network and configuration method for TSM interworking in USG6000 hot standby bypass mode. The networking requirements of this example are as follows: All PCs in a company's sales department connect to core switches through access switches and then connect to the HQ through 1000 Mbit/s optical fiber leased lines. The core switches are hot standby. In normal conditions, core switch 1 forwards all traffic. If the switch fails, traffic is switched to core switch 2. To secure the internal network, the company deploys the TSM system at the HQ to control the access of sales department PCs to the HQ network and uses NGFWs for access control.

Hardware restrictions of hot standby on the USG6000 series
Hardware restrictions of hot standby: 1. Currently, hot standby can be implemented only between two devices. 2. The active and standby devices must have the same product model and version. 3. The active and standby devices must have the same number and types of boards installed in the same arrangement. Otherwise, the information synchronized from the active device does not match the physical configuration of the standby device. As a result, faults occur after an active/standby switchover. 4. If you want to use a Layer 2 interface as the heartbeat interface, you need to add it to the VLAN, create the VLANIF interface, and configure the IP address of the VLANIF interface. Then use the VLANIF interface as the heartbeat interface and specify the heartbeat interface IP address of the peer device.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top