华为防火墙vrrp+hrp双机热备主备备份（两端为交换机）

默认上下来全两个vrrp主都是左边

工作原理：
vrrp刚开机都是先initialize状态，然后切成active或standb状态。

hrp使用18514端口，且用的单播，要策略放行，由主设备发hrp心跳报文

如果设备为acitve状态时自动优先级为65001，如果有故障自动减2，变成64999，并将自身转发standby状态，时间较短，用户不可见。

如果主设备接口down掉，主设备切成standby状态后，那这个接口会一直处于initialize状态不变.。

如果是standby状态时自动优先级为65000

主要配置：

FW1

hrp enable
hrp interface GigabitEthernet1/0/2 remote 172.16.0.2

interface GigabitEthernet1/0/0
undo shutdown
ip address 1.1.1.2 255.255.255.0
vrrp vrid 2 virtual-ip 1.1.1.1 active

interface GigabitEthernet1/0/1
undo shutdown
ip address 10.1.1.2 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.1 active

interface GigabitEthernet1/0/2
undo shutdown
ip address 172.16.0.1 255.255.255.0

firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
add interface GigabitEthernet1/0/1

firewall zone untrust
set priority 5
add interface GigabitEthernet1/0/0

firewall zone dmz
set priority 50
add interface GigabitEthernet1/0/2

security-policy //暂时全允许
default action permit

FW2:

hrp enable
hrp interface GigabitEthernet1/0/2 remote 172.16.0.1

interface GigabitEthernet1/0/0
undo shutdown
ip address 1.1.1.3 255.255.255.0
vrrp vrid 2 virtual-ip 1.1.1.1 standby

interface GigabitEthernet1/0/1
undo shutdown
ip address 10.1.1.3 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.1 standby

interface GigabitEthernet1/0/2
undo shutdown
ip address 172.16.0.2 255.255.255.0

firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
add interface GigabitEthernet1/0/1

firewall zone untrust
set priority 5
add interface GigabitEthernet1/0/0

firewall zone dmz
set priority 50
add interface GigabitEthernet1/0/2

security-policy
default action permit

查看：

dis hrp state verbose