Jump to content
  • Hello visitors, welcome to the Hacker World Forum!

    Red Team 1949  (formerly CHT Attack and Defense Team) In this rapidly changing Internet era, we maintain our original intention and create the best community to jointly exchange network technologies. You can obtain hacker attack and defense skills and knowledge in the forum, or you can join our Telegram communication group to discuss and communicate in real time. All kinds of advertisements are prohibited in the forum. Please register as a registered user to check our usage and privacy policy. Thank you for your cooperation.

    TheHackerWorld Official

Recommended Posts

深信服AC12.0.7版本后,AC路由模式主备配置的时候DMZ不会同步,也就是主备两台AC可以分别由各自的DMZ口来同时管理。

主备配置步骤如下:
1、主机配置部署模式,WAN口、LAN口、DMZ口,如果需要通过DMZ口管理设备,建议DMZ口配置3个,保留默认的一个eth1口(10.252.252.252/24),还有一个管理口,以及心跳口。

如下图,eth2口心跳口:

image-15-1024x197.png

2、主机高可用处,配置主机优先级为主,主HA口及对端IP,共享密钥,检测网口组,一般将LAN口配成一组,所有的WAN口配成一组,即LAN口断开会主备机切换,所有WAN口断开也会切换。

image-16.png

主机检测方式也可以不配置,此处配置的是arp和icmp都检测1个WAN口的网关

image-17.png
image-20.png
image-21.png

3、备机部署模式,WAN口、LAN口和主机一样,只有DMZ口不同,也是3个DMZ口,但是管理口地址不同,心跳口地址不同,还有剩下的不接线的eth1口地址也是10.252.252.252

4、备机高可用配置,基本配置也是主HA口、对端IP、共享密钥、检测网口组,备机的检测方式arp、icmp不配置,备机的切换行为、高级配置和主机一样。

Link to post
Link to comment
Share on other sites

 Share

discussion group

discussion group

    You don't have permission to chat.
    • Recently Browsing   0 members

      • No registered users viewing this page.
    ×
    ×
    • Create New...