< Home

List of Configurations Supporting Backup and Not Supporting Backup

The configurations supporting backup in mirroring and non-mirroring modes are different. Before configuring and maintaining hot standby, read this section to learn configurations supporting backup and not supporting backup.

In most cases, display, reset, and debugging commands cannot be backed up.

Table 1 List of configurations supporting backup and not supporting backup

Item

Mirroring Mode

Non-mirroring Mode

Description

Interface

Partially supported

Partially supported

In mirroring mode, most interface configurations can be backed up, such as the interface IPv4 addresses, interface IPv6 addresses, interface MTUs, creation and deletion of logic interfaces, switching from Layer 3 interfaces to Layer 2 interfaces, and the duplex mode of interfaces. The shutdown command cannot be backed up.

In non-mirroring mode, most interface configurations cannot be backed up, but the creation and deletion of logical interfaces can be backed up.

Interface Pair

Supported

Supported

-

Static Route

Supported

Supported

In non-mirroring mode, static routes can be backed up only after the hrp auto-sync config static-route command is run.

Dynamic Route

Supported

Not Supported

In mirroring mode, dynamic routing configuration can be backed up. However, for smooth service switching during active/standby switchover in mirroring mode, the routes between the firewall and its upstream and downstream devices do not support dynamic routing. For details, see Hot Standby in Mirroring Mode.

Intelligent Uplink Selection

Supported

Partially supported

In non-mirroring mode, policy-based routes can be backed up after the hrp auto-sync config policy-based-route command is run.

In mirroring mode, intelligent uplink selection configuration can be backed up. However, for smooth service switching during active/standby switchover in mirroring mode, the configurations of the routes between the firewall and its upstream and downstream devices do not support intelligent uplink selection. For details, see Hot Standby in Mirroring Mode.

VLAN

Supported

Not Supported

-

Virtual System

Supported

Supported

Include the creation of virtual systems and service configuration commands on virtual systems.

The IP addresses and security zones of virtual-if interfaces are not backed up. You need to configure them separately on the active and standby devices.

Hot Standby

Partially supported

Partially supported

Commands that cannot be backed up in mirroring mode: hrp interface, hrp encryption-key, hrp configuration check, and hrp switch

Commands that cannot be backed up in non-mirroring mode: hrp interface, hrp adjust enable, hrp preempt, hrp track interface, hrp track ip-link, hrp track bfd-session, hrp track trunk-member enable, hrp encryption-key, hrp tcp link-state check delay, hrp configuration check, and hrp switch

Security Zone

Supported

Supported

Indicate creating and deleting security zones and assigning interfaces to security zones.

Security Policy

Supported

Supported

-

Smart Policy

Not Supported

Not Supported

-

Content Security

Supported

Supported

Include antivirus, intrusion prevention, URL filtering, filtering blocking, data filtering, application behavior control, cloud access security control, mail filtering, and AAPT.

SSL-Encrypted Traffic Detection

Supported

Supported

-

NAT

Supported

Supported

Include source NAT, NAT server, destination NAT, and ESP NAT.

CGN

Supported

Supported

Include NAT444, DS-Lite, NAT64, port pre-allocation and incremental allocation, PCP, and static mappings.

IPSec

Supported

Supported

-

L2TP

Supported

Not Supported

-

GRE

Supported

Not Supported

-

DSVPN

Supported

Not Supported

-

SSL VPN

Supported

Supported

When you run the hrp sync config command to manually back up data in batches, the configuration information in the SSL VPN database cannot be backed up.

Bandwidth Management

Supported

Supported

Include traffic policies and traffic profiles.

Quota Control Policy

Supported

Supported

-

User Authentication

Supported

Supported
  • Users' configuration information consists of two parts: some configuration information is stored in the configuration file and can be backed up manually in batches or automatically, and the other configuration information is stored in the user database and can only be backed up automatically.
  • When you run the hrp sync config command to manually back up data in batches, the configuration information in the user database cannot be backed up.
  • In the hot backup scenario, you need to import a CSV file to both the active and standby FWs. This is because the active FW does not automatically synchronize the imported users to the standby FW.

Authentication Server

Supported

Supported

Authentication servers include RADIUS, HWTACACS, AD, LDAP, and Agile Controller authentication servers.

  • Commands that cannot be backed up in mirroring mode: firewall source-ip and hwtacacs-server source-ip.
  • Commands that cannot be backed up in non-mirroring mode: radius-server authentication source ip-address, radius-server accounting source ip-address, hwtacacs-server source-ip, ad-server source ip-address, ldap-server source ip-address, and firewall source-ip.

Audit Policy

Supported

Supported

-

SLB

Supported

Supported

-

SSL Offloading

Supported

Supported

-

IP-Link

Supported

Not Supported

-

Link-group

Partially supported

Not Supported

Commands that cannot be backed up in mirroring mode: link-group-monitor and monitor link-group

BFD

Not Supported

Not Supported

-

Hardware Fast Forwarding

Supported

Supported

The hrp standby sync fast-forwarding table enable [ asym-next-hop ] command enables the flow table backup function.

Administrator Configuration

Supported

Supported

Including creating and deleting administrators, setting an administrator password, configuring an administrator role, and automatic lockout upon administrator login failures

Web UI Administrator Configuration

Supported

Supported

Include the web login interface, SSL encryption suite, SSL encryption protocol, web login timeout period, web certificate, and web login alarm information.

CLI Administrator Configuration

Supported

Not Supported

Include the VTY configuration and user-interface configuration.

SSH/Stelnet/SFTP/FTP Server Configuration

Supported

Not Supported

Configuration of the device serving as an SSH/Stelnet/SFTP/FTP server

SSH/Stelnet/SFTP/FTP Client Configuration

Not Supported

Not Supported

Configuration of the device serving as an SSH/Stelnet/SFTP/FTP client

System Clock

Supported

Not Supported

-

NTP

Supported

Not Supported

-

License Management

Partially supported

Not Supported

The license active command can be backed up in mirroring mode.

SNMP

Partially supported

Not Supported

Commands that cannot be backed up in mirroring mode: snmp-agent usm-user and snmp-agent trap type

Across-Layer-3 MAC Identification

Supported

Not Supported

-

Configuration File Management

Partially supported

Partially supported

The operation for saving configuration files can be backed up.

POE

Not Supported

Not Supported

Not Supported

System Software and Patch Management

Not Supported

Not Supported

-

Signature database update configuration

Partially supported

Partially supported

The region identification signature database cannot be backed up.

SSL VPN Client Patch Configuration

Not Supported

Not Supported

-

NQA

Supported

Not Supported

-

TWAMP Light

Supported

Supported

-

LLDP

Supported

Not Supported

-

NetStream

Supported

Not Supported

-

API Configuration

Partially supported

Partially supported

Commands that cannot be backed up in mirroring mode: security server-certificate and security version

Commands that cannot be backed up in non-mirroring mode: api call-home, security server-certificate, and security version

Cloud Management Mode Switching

Not Supported

Not Supported

-

802.1x

Supported

Not Supported

-

PPPoE

Supported

Not Supported

-

DHCP Server

Supported

Supported

-

DHCPv6 Server

Supported

Supported

-

DHCP Client

Supported

Not Supported

-

DNS

Supported

Partially supported

Include the configurations of the device serving as a DNS client, DNS relay, and DNS agent.

In non-mirroring mode, the dns server [ipv6] source-ip and undo dns server [ipv6] source-ip commands do not support backup.

DDNS

Supported

Supported

-

DNS Transparent Proxy

Supported

Not Supported

In non-mirroring mode, DNS transparent proxy can be backed up only after the hrp auto-sync config dns-transparent-policy command is run.

Smart DNS

Supported

Supported

-

MAC Address Table Configuration

Partially supported

Partially supported

Commands that cannot be backed up in mirroring mode: mac-address blackhole and mac-address static

Commands that cannot be backed up in the non-mirroring mode: mac-address blackhole, mac-address static, mac-address learning disable, mac-limit, undo mac-address all, and undo mac-address dynamic

ARP configuration

Supported

Not Supported

-

VXLAN

Supported

Supported

-

MPLS

Supported

Not Supported

-

Address Object and Address Group

Supported

Supported

-

Domain Group

Supported

Supported

-

Region and Region Group

Supported

Supported

-

Service and Service Group

Supported

Supported

-

Application and Application Group

Supported

Supported

-

Devices and Device Groups

Supported

Supported

-

IP Address Pool

Supported

Supported

-

Certificate

Supported

Supported

Include the local certificate, CA certificate, CRL, certificate filtering, and SSL decryption certificate.

Schedule

Supported

Supported

-

Tag

Supported

Supported

-

IPv4 ACL

Supported

Supported

-

Keychain

Supported

Not Supported

-

IPv6 ACL

Supported

Supported

-

IPv6 over IPv4 Tunnel

Supported

Not Supported

-

IPv4 over IPv6 Tunnel

Supported

Not Supported

-

IPv6 Neighbor Discovery

Supported

Not Supported

-

Anti-DDoS

Supported

Supported

-

Ping Proxy

Supported

Supported

-

TCP Proxy

Supported

Supported

-

New Session Suppression

Supported

Supported

-

Blacklist

Supported

Supported

-

Whitelist

Supported

Supported

-

IP-MAC Binding

Supported

Supported

-

ASPF/ALG

Supported

Supported

-

URPF

Supported

Not Supported

-

SACG

Supported

Supported

The local ip command cannot be backed up in non-mirroring mode.

IDS Interworking

Supported

Supported

-

HiSec Insight Interworking

Supported

Supported

-

IP Multicast

Supported

Not Supported

-

Log Output Configuration

Partially supported

Partially supported

Commands that cannot be backed up in non-mirroring mode: firewall log source and info-center (excluding info-center source, info-center loghost and info-center enable)

Report Customization

Supported

Supported

-

5-Tuple Packet Capture

Supported

Not Supported

-

Port Mirroring

Supported

Not Supported

-

Security Situation Awareness

Supported

Supported

-

Flow Probe

Not Supported

Not Supported

-
Parent Topic: References for Hot Standby
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic