Difference between revisions of "Gaia VRRP setup guide"
From cpwiki.net
(→Add rule to allow vrrp adverstisements) |
(→configure cluster object) |
||
| Line 10: | Line 10: | ||
| − | [[file:chkp_vrrp_cluster_config.png]] | + | [[file:chkp_vrrp_cluster_config-1.png]] |
| + | |||
| + | |||
| + | |||
| + | [[file:chkp_vrrp_cluster_config-1.png]] | ||
== Add rule to allow vrrp adverstisements == | == Add rule to allow vrrp adverstisements == | ||
Revision as of 08:22, 15 September 2013
Contents |
from clish prompt, create vrid, add backup-addresses, save config
Expert@chkpfw2]# clish chkpfw2> add mcvr vrid 100 priority 95 priority-delta 10 chkpfw2> add mcvr vrid 100 backup-address 172.16.31.1 chkpfw2> add mcvr vrid 100 backup-address 192.168.1.1 chkpfw2> save config
configure cluster object
Add rule to allow vrrp adverstisements
Failure to do so will cause master/master status.
Checking your configuration
[Expert@chkpfw1]# clish -c "show vrrp summary"
VRRP State VRRP Router State: Up Flags: On Interface enabled: 2 Virtual routers configured: 2 In Init state 0 In Backup state 0 In Master state 2
Verify your vrrp backup address is in effect. It will NOT show up in ifconfig output. Also, you cannot ping the backup-addresses in Gaia like you could in ipso.
Expert@chkpfw1]# ip addr show eth0 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:0c:29:d8:3e:56 brd ff:ff:ff:ff:ff:ff inet 172.16.31.9/28 brd 172.16.31.15 scope global eth0 inet 172.16.31.11/28 brd 172.16.31.15 scope global secondary flags 10 eth0 <<< this line is the vrrp backup-address
