DY模拟器模拟PIX做防火墙failover

使用模拟器模拟PIX做防火墙failover

FW1# show run
: Saved
:
PIX Version 7.2(1)
!
hostname pixfirewall
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1
 description LAN Failover Interface
!
interface Ethernet2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet4
 shutdown
 no nameif
 no security-level
 no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
pager lines 24
failover
failover lan unit primary
failover lan interface failover Ethernet1
failover lan enable
failover interface ip failover 172.16.0.11 255.255.255.0 standby 172.16.0.12
no asdm history enable
arp timeout 14400
timeout xlate 1:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect icmp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:f04ff8cfbba99057877901a055ab2be8
: end
=======================

FW2#

failover
failover lan unit secondary
failover lan interface failover Ethernet1
failover lan enable
failover interface ip failover 172.16.0.11 255.255.255.0 standby 172.16.0.12
no asdm history enable
arp timeout 14400
timeout xlate 1:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
黑色粗体为手工输入，红色粗体为效果，（在FW1上修改timeout xlate 为1:00:00，write , write standby,可在FW2上看到效果。）

转载于:https://blog.51cto.com/cisco130/856297