Before deploying virtual systems in the hot standby networking, understand the implementation mechanism and key configuration points of hot standby in the virtual systems.
The virtual system technology can divide a physical firewall to multiple mutually-independent logical firewalls. Each virtual system has independent configurations and resources. In this way, hardware resources are effectively used.
When two FWs are deployed in hot standby mode, virtual systems can be created for the FWs. The virtual system and hot standby functions can be used together. That is, virtual systems are used to isolate services on different networks, and hot standby is used to improve network reliability. If a fault occurs on the network where the virtual system of the active FW resides, the standby FW's virtual system takes over services from the active FW, ensuring service continuity. This does not mean that FWs support hot standby between two virtual systems. In fact, if a fault occurs on the network of any virtual system on the active FW, the priority of the VGMP group on the active FW is reduced. As a result, an active/standby switchover occurs on the two physical devices FWs. For example, if the interface of a virtual system on the active device goes Down, the switchover between the active and standby devices is triggered. After the standby FW takes over services, the virtual system on the standby FW can still take over services. In this way, services of the virtual system are not interrupted.
Configure routes (including OSPF and BGP routes) for virtual systems.
Bind VPN instances corresponding to virtual systems to OSPF and BGP.