1, Overview:

In order to guarantee high network availability and high reliability, 1000+ firewall provides a double hot backup feature, that is, in the same network node configuring two identical firewalls. Hot Standby mode uses two types of work patterns, the master - master mode and the master - slave model, two models described in detail as follows:

Master - Master: a working model that allows two firewalls working at the same time, when either of the servers fail, such as interface and connection failures, broken down machine, key process failure, performance degradation, extra high CPU and memory load, etc., the other firewall can smoothly take over the firewall and maintain connectivity, then balance load.

Master - Slave: Under normal circumstances the master firewall is working, and another firewall in the backup state. When accidents happen to the master firewall, such as network link failures, hardware failures, etc., the backup firewall automatically switch job status, Salve firewall will then replace the main firewall, thus ensuring the normal use of the network.
Switching process does not require human operation and the involvement of other systems, switching time is less than 10 seconds.

2, the firewall structure

Kingdon firewall hot standby diagram 1

Kingdon firewall hot standby diagram II

3, firewall software system settings

In the Hot Standby system, two firewall software version must be the same, the network port number and type are the same; two products can synchronously operating.

Firewall Management "Cluster page" detailed settings as follows

Hot standby mode: first set the cluster address;
Set up hot standby mode: in the master firewall set active mode, set the backup mode of the salve wall. Multi-channel activator should not be selected. (Later extended to use);
Abnormal switching time: can be filled in (unit second);
Link Detected Address: You can set up four, including the addresses outside and inside fire walls, (address set and management address should across the firewall) firewall would ping the address per second , thereby to detect abnormal traffic, in case of abnormal disruption of the firewall it will automatically switch to the backup firewall.