Chapter 2 Dual-System Hot Backup; Dual-System Hot Backup Overview; Introduction To Hrp - H3C SecPath F1800-A Operation Manual

Operation Manual - Reliability
H3C SecPath F1800-A Firewall

Chapter 2 Dual-System Hot Backup

2.1 Dual-System Hot Backup Overview

2.1.1 Introduction to HRP

I. HRP Application
The SecPath F1800-A is a stateful firewall; there is a session entry for each dynamic
session connection on the SecPath F1800-A, as shown in
PC
Trust zone
Server
DMZ zone
Figure 2-1 Data path in master/backup mode
In master/backup mode, if SecPath A is the master device, it takes up all data
transmission task and many dynamic session entries are set up on it; SecPath B is the
backup device, no data passes it.
When errors occur on SecPath A or on associated links, SecPath B will:
Become the master firewall.
Begin to transfer data.
However, if there is no backup session entry, user registration information and
configuration command on SecPath B before state switch, all sessions that have
passed SecPath A before will be disconnected as a result of mismatch; in this way,
services will be interrupted.
In order to make the backup firewall smoothly take over work from the master firewall
when it breaks down, the following between the master firewall and the backup
firewall are necessary:
(1)
(2)
(7)
(8)
Chapter 2 Dual-System Hot Backup
SecPath A
Session entries
Master
(3)
(6)
Backup
SecPath B
8-39
Figure 2-1.
PC
(4)
(5)
Untrust zone
Actual connection
Traffic