配置ZBFW高可用性並對其進行故障排除 - Cisco

<!DOCTYPE html> <html xmlns:fb="//www.facebook.com/2008/fbml" xmlns:og="//opengraphprotocol.org/schema/" lang="zh" xml:lang="zh" class="no-touch no-js"> <head> <meta charset="utf-8">
<title>配置ZBFW高可用性並對其進行故障排除 - Cisco</title>
<meta name="description" content="本指南提供用於主用/備用設定的區域防火牆高可用性(HA)的基本配置,以及故障排除命令和功能中出現的常見問題。" />
<link rel="canonical" href="https://www.cisco.com/c/zh_tw/support/docs/security/ios-firewall/115956-zbfw-ha-config-ts-00.html"/>
<link rel="alternate" hreflang="x-default" href="https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/115956-zbfw-ha-config-ts-00.html"/>
</head> <body id="wcq" class="fw-res cdc-support cdc-eot cdc-high-density cdc-full-width cdc-transform ">
<h1 id="fw-pagetitle" class="" data-owner="ID">配置ZBFW高可用性並對其進行故障排除</h1>
<div class="infobar"> <div class="updatedDate"><span>已更新:</span> 2013 年 11 月 5 日</div> <div class="documentId"><span>文件 ID:</span>115956</div> </div>
<div class="translationContent panel"> <h3>關於此翻譯</h3> <p>思科已使用電腦和人工技術翻譯本文件,讓全世界的使用者能夠以自己的語言理解支援內容。請注意,即使是最佳機器翻譯,也不如專業譯者翻譯的內容準確。Cisco Systems, Inc. 對這些翻譯的準確度概不負責,並建議一律查看原始英文文件(提供連結)。</p> </div>
<div id="tg-body"> <div id="support-toc"> <h2>目錄</h2> <div class="toc-h2"> <a href="#anc0">簡介</a> </div> <div class="toc-h2"> <a href="#anc2">必要條件</a> </div> <div class="toc-h3"> <a href="#anc3">需求</a> </div> <div 
class="toc-h3"> <a href="#anc4">採用元件</a> </div> <div class="toc-h2"> <a href="#anc5">慣例</a> </div> <div class="toc-h2"> <a href="#anc6">設定</a> </div> <div class="toc-h3"> <a href="#anc7">範例 1:Router 1配置片段(主機名ZBFW1)</a> </div> <div class="toc-h3"> <a href="#anc8">範例 2:路由器2配置片段(主機名ZBFW2)</a> </div> <div class="toc-h2"> <a href="#anc9">疑難排解</a> </div> <div class="toc-h3"> <a href="#anc10">確認裝置之間可以通訊</a> </div> <div class="toc-h4"> <a href="#anc11">範例 3:對等存在檢測</a> </div> <div class="toc-h4"> <a href="#anc12">範例 4:精細輸出</a> </div> <div class="toc-h4"> <a href="#anc13">範例 5:角色狀態和優先順序</a> </div> <div class="toc-h4"> <a href="#anc14">範例 6:確認已分配RII組ID</a> </div> <div class="toc-h3"> <a href="#anc15">驗證連線是否複製到對等路由器</a> </div> <div class="toc-h4"> <a href="#anc16">範例 7:已處理的連線</a> </div> <div class="toc-h3"> <a href="#anc17">收集調試輸出</a> </div> <div class="toc-h2"> <a href="#anc20">常見問題</a> </div> <div class="toc-h3"> <a href="#anc21">控制和資料介面選擇</a> </div> <div class="toc-h3"> <a href="#anc22">缺席RII組</a> </div> <div class="toc-h3"> <a href="#anc23">自動容錯移轉</a> </div> <div class="toc-h3"> <a href="#anc24">非對稱路由</a> </div> <div class="toc-h4"> <a href="#anc25">範例 11:非對稱路由配置</a> </div> <div class="toc-h2"> <a href="#anc26">相關資訊</a> </div> </div> <p><a class="auto_toc_anchor" name="anc0"></a></p> <h2>簡介</h2> <p>本指南提供用於主用/備用設定的區域防火牆高可用性(HA)的基本配置,以及故障排除命令和功能中出現的常見問題。</p> <p>Cisco IOS<sup>®</sup>區域型防火牆(ZBFW)支援HA,因此可以在主用/備用或主用/主用設定中配置兩台Cisco IOS路由器。這樣可允許冗餘,以防止單點故障。</p> <p><a class="auto_toc_anchor" name="anc2"></a></p> <h2>必要條件</h2> <p><a class="auto_toc_anchor" name="anc3"></a></p> <h3>需求</h3> <p>您必須擁有高於Cisco IOS軟體版本15.2(3)T的版本。</p> <p><a class="auto_toc_anchor" name="anc4"></a></p> <h3>採用元件</h3> <p>本文件所述內容不限於特定軟體和硬體版本。</p> <p>本文中的資訊是根據特定實驗室環境內的裝置所建立。文中使用到的所有裝置皆從已清除(預設)的組態來啟動。如果您的網路正在作用,請確保您已瞭解任何指令可能造成的影響。</p> <p><a class="auto_toc_anchor" name="anc5"></a></p> <h2>慣例</h2> <p>如需文件慣例的詳細資訊,請參閱<a 
onclick="s_objectID=&quot;http://www.cisco.com/en/US/tech/tk801/tk36/technologies_tech_note09186a0080121ac5.shtml_1&quot;;return this.s_oc?this.s_oc(e):true" href="//www.cisco.com/en/US/tech/tk801/tk36/technologies_tech_note09186a0080121ac5.shtml" rel="nofollow">思科技術提示慣例。</a></p> <p><a class="auto_toc_anchor" name="anc6"></a></p> <h2>設定</h2> <p>此圖顯示配置示例中使用的拓撲。</p> <p><img src="/c/dam/en/us/support/docs/security/ios-firewall/115956-zbfw-ha-config-ts-01.gif" align="middle"></p> <p>在範例1所示的組態中,ZBFW設定為檢查從內部到外部的TCP、UDP和網際網路控制訊息通訊協定(ICMP)流量。以粗體顯示的組態用於設定HA功能。在Cisco IOS路由器中,HA是透過<strong>redundancy</strong>子組態命令設定的。若要設定冗餘,第一步是在全域檢查參數對應(parameter-map type inspect global)中啟用冗餘。</p> <p>啟用冗餘後,進入<strong>application redundancy</strong>子組態,然後選擇用於<strong>control</strong>(控制)和<strong>data</strong>(資料)的介面。控制介面用於交換各路由器的狀態資訊。資料介面用於交換應複製之連線的相關資訊。</p> <p>在範例2中,<strong>priority</strong>命令的設定目的,是在路由器1和路由器2均正常運行時讓路由器1成為配對中的活動單元。<strong>preempt</strong>命令(本文件稍後將進一步討論)用於確保優先順序變更後會發生容錯移轉。請注意,本頁的範例1與範例2都列出<strong>priority 200</strong>;兩台路由器的優先順序值相同時,無法單憑優先順序決定由哪一台擔任活動單元,部署前請對照英文原文確認各路由器應設定的數值。</p> <p>最後一步是為每個介面指派<strong>冗餘介面識別符號(RII)</strong>和<strong>冗餘組(RG)</strong>。每個介面的<strong>RII</strong>組號必須是唯一的,但對於同一子網中的介面,兩台裝置上的組號必須相符。RII僅用於兩台路由器同步組態時的批次同步過程;兩台路由器就是以這種方式同步冗餘介面。<strong>RG</strong>用於表示通過該介面的連線會被複製到HA連線表中。</p> <p>在範例2中,<strong>redundancy group 1</strong>命令用於在內部介面上建立虛擬IP(VIP)位址。這可以確保高可用性,因為所有內部使用者只與活動裝置處理的VIP通訊。</p> <p>外部介面沒有任何RG配置,因為這是廣域網介面。路由器1和路由器2的外部介面不屬於同一個Internet服務提供商(ISP)。在外部介面上,需要動態路由協定來確保流量通過正確的裝置。</p> <p><a class="auto_toc_anchor" name="anc7"></a></p> <h3>範例 1:Router 1配置片段(主機名ZBFW1)</h3> <pre>parameter-map type inspect global<br> <strong>redundancy</strong><br> log dropped-packets enable <br>!<br><strong>redundancy<br> application redundancy<br> group 1<br> name ZBFW_HA<br> preempt<br> priority 200<br> control Ethernet0/2 protocol 1<br> data Ethernet0/2</strong><br>!<br>class-map type inspect match-any PROTOCOLS<br> match protocol tcp<br> match protocol udp<br> match protocol icmp<br>class-map type inspect match-all INSIDE_TO_OUTSIDE_CMAP<br> match class-map PROTOCOLS<br> match access-group name 
INSIDE_TO_OUTSIDE_ACL<br>!<br>policy-map type inspect INSIDE_TO_OUTSIDE_PMAP<br> class type inspect INSIDE_TO_OUTSIDE_CMAP<br> inspect<br> class class-default<br> drop<br>!<br>ip access-list extended INSIDE_TO_OUTSIDE_ACL <br> permit ip any any<br>!<br>zone security INSIDE<br>zone security OUTSIDE<br>zone-pair security INSIDE_TO_OUTSIDE source INSIDE destination OUTSIDE<br> service-policy type inspect INSIDE_TO_OUTSIDE_PMAP<br>!<br>interface Ethernet0/0<br> ip address 10.1.1.1 255.255.255.0<br> ip nat inside<br> ip virtual-reassembly in<br> zone-member security INSIDE<br> <strong>redundancy rii 100<br> redundancy group 1 ip 10.1.1.3 exclusive</strong><br>!<br>interface Ethernet0/1<br> ip address 203.0.113.1 255.255.255.0<br> ip nat outside<br> ip virtual-reassembly in<br> zone-member security OUTSIDE<br> <strong>redundancy rii 200</strong></pre> <p><a class="auto_toc_anchor" name="anc8"></a></p> <h3>範例 2:路由器2配置片段(主機名ZBFW2)</h3> <pre>parameter-map type inspect global<br> redundancy<br> log dropped-packets enable<br>!<br><strong>redundancy<br> application redundancy<br> group 1<br> name ZBFW_HA<br> preempt<br> priority 200<br> control Ethernet0/2 protocol 1<br> data Ethernet0/2</strong><br>!<br>class-map type inspect match-any PROTOCOLS<br> match protocol tcp<br> match protocol udp<br> match protocol icmp<br>class-map type inspect match-all INSIDE_TO_OUTSIDE_CMAP<br> match class-map PROTOCOLS<br> match access-group name INSIDE_TO_OUTSIDE_ACL<br>!<br>policy-map type inspect INSIDE_TO_OUTSIDE_PMAP<br> class type inspect INSIDE_TO_OUTSIDE_CMAP<br> inspect<br> class class-default<br> drop<br>!<br>ip access-list extended INSIDE_TO_OUTSIDE_ACL <br> permit ip any any<br>!<br>zone security INSIDE<br>zone security OUTSIDE<br>zone-pair security INSIDE_TO_OUTSIDE source INSIDE destination OUTSIDE <br> service-policy type inspect INSIDE_TO_OUTSIDE_PMAP<br>!<br>interface Ethernet0/0<br> ip address 10.1.1.2 255.255.255.0<br> ip nat inside<br> ip virtual-reassembly in<br> 
zone-member security INSIDE<br> <strong>redundancy rii 100<br> redundancy group 1 ip 10.1.1.3 exclusive</strong><br>!<br>interface Ethernet0/1<br> ip address 203.0.113.2 255.255.255.0<br> ip nat outside<br> ip virtual-reassembly in<br> zone-member security OUTSIDE<br> <strong>redundancy rii 200</strong></pre> <p><a class="auto_toc_anchor" name="anc9"></a></p> <h2>疑難排解</h2> <p>本節提供的資訊可用於對組態進行疑難排解。</p> <p><a class="auto_toc_anchor" name="anc10"></a></p> <h3>確認裝置之間可以通訊</h3> <p>為了確認裝置可以相互看到,您必須驗證冗餘應用程式組的運行狀態是否為up。然後,確保每台裝置都承擔了正確的角色,並且可以看到其對等裝置的正確角色。在示例3中,ZBFW1處於活動狀態並檢測其對等體為備用。在ZBFW2上則相反。當兩台裝置同時顯示運行狀態為開啟狀態並檢測到其對等體存在時,兩台路由器可以通過控制鏈路成功通訊。</p> <p><a class="auto_toc_anchor" name="anc11"></a></p> <h4>範例 3:對等存在檢測</h4> <pre>ZBFW1# <strong>show redundancy application group 1</strong><br>Group ID:1<br>Group Name:ZBFW_HA<br><br>Administrative State: No Shutdown<br>Aggregate operational state : Up<br>My Role: <strong>ACTIVE</strong><br>Peer Role: <strong>STANDBY</strong><br>Peer Presence: Yes<br>Peer Comm: Yes<br>Peer Progression Started: Yes<br><br>RF Domain: btob-one<br> RF state: ACTIVE<br> Peer RF state: STANDBY COLD-BULK<br>!<br>ZBFW2# <strong>show redundancy application group 1</strong><br>Group ID:1<br>Group Name:ZBFW_HA<br><br>Administrative State: No Shutdown<br>Aggregate operational state : Up <br>My Role: <strong>STANDBY</strong><br>Peer Role: <strong>ACTIVE</strong><br>Peer Presence: Yes<br>Peer Comm: Yes<br>Peer Progression Started: Yes<br><br>RF Domain: btob-one<br> RF state: STANDBY COLD-BULK<br> Peer RF state: ACTIVE</pre> <p>示例4中的輸出顯示了有關兩台路由器的控制介面的更精細輸出。輸出確認用於控制流量的物理介面,還確認對等體的IP地址。</p> <p><a class="auto_toc_anchor" name="anc12"></a></p> <h4>範例 4:精細輸出</h4> <pre>ZBFW1# <strong>show redundancy application control-interface group 1</strong><br>The control interface for rg[1] is <strong>Ethernet0/2</strong><br>Interface is Control interface associated with the following protocols: 1 <br>BFD Enabled<br>Interface Neighbors:<br>Peer: <strong>10.60.1.2</strong> Standby RGs: 
1 BFD handle: 0<br><br>ZBFW1# <strong>show redundancy application data-interface group 1</strong><br> The data interface for rg[1] is Ethernet0/2<br>!<br>ZBFW2# <strong>show redundancy application control-interface group 1</strong><br>The control interface for rg[1] is Ethernet0/2<br>Interface is Control interface associated with the following protocols: 1 <br>BFD Enabled<br>Interface Neighbors:<br>Peer: <strong>10.60.1.1</strong> Active RGs: 1 BFD handle: 0<br><br>ZBFW2# <strong>show redundancy application data-interface group 1</strong><br> The data interface for rg[1] is Ethernet0/2</pre> <p>建立通訊後,示例5中的命令可幫助您瞭解為什麼每台裝置都處於其特定角色。ZBFW1處於活動狀態,因為它具有比其對等體更高的優先順序。ZBFW1的優先順序為<strong>200</strong>,而ZBFW2的優先順序為<strong>150</strong>。此輸出以粗體突出顯示。</p> <p><a class="auto_toc_anchor" name="anc13"></a></p> <h4>範例 5:角色狀態和優先順序</h4> <pre>ZBFW1# <strong>show redundancy application protocol group 1</strong><br><br>RG Protocol RG 1<br> Role: <strong>Active</strong><br> Negotiation: Enabled<br> Priority: <strong>200</strong><br> Protocol state: Active<br> Ctrl Intf(s) state: Up<br> Active Peer: Local<br> Standby Peer: address <strong>10.60.1.2</strong>, priority <strong>150</strong>, intf <strong>Et0/2</strong><br> Log counters:<br> role change to active: 1<br> role change to standby: 0<br> disable events: rg down state 0, rg shut 0<br> ctrl intf events: up 1, down 0, admin_down 0<br> reload events: local request 0, peer request 0<br><br>RG Media Context for RG 1<br>--------------------------<br> Ctx State: Active<br> Protocol ID: 1<br> Media type: Default<br> Control Interface: Ethernet0/2<br> Current Hello timer: 3000<br> Configured Hello timer: 3000, Hold timer: 10000<br> Peer Hello timer: 3000, Peer Hold timer: 10000<br> Stats:<br> Pkts 249, Bytes 15438, HA Seq 0, Seq Number 249, Pkt Loss 0<br> Authentication not configured<br> Authentication Failure: 0<br> Reload Peer: TX 0, RX 0<br> Resign: TX 0, RX 0<br> Standby Peer: Present. 
Hold Timer: 10000<br> Pkts 237, Bytes 8058, HA Seq 0, Seq Number 252, Pkt Loss 0<br><br>!<br>ZBFW2# <strong>show redundancy application protocol group 1</strong><br><br>RG Protocol RG 1<br>------------------<br> Role: <strong>Standby</strong><br> Negotiation: Enabled<br> Priority: <strong>150</strong><br> Protocol state: Standby-cold<br> Ctrl Intf(s) state: Up<br> Active Peer: address <strong>10.60.1.1</strong>, priority <strong>200</strong>, intf <strong>Et0/2</strong><br> Standby Peer: Local<br> Log counters:<br> role change to active: 0<br> role change to standby: 1<br> disable events: rg down state 0, rg shut 0<br> ctrl intf events: up 1, down 0, admin_down 0<br> reload events: local request 0, peer request 0<br><br>RG Media Context for RG 1<br>--------------------------<br> Ctx State: Standby<br> Protocol ID: 1<br> Media type: Default<br> Control Interface: Ethernet0/2<br> Current Hello timer: 3000<br> Configured Hello timer: 3000, Hold timer: 10000<br> Peer Hello timer: 3000, Peer Hold timer: 10000<br> Stats:<br> Pkts 232, Bytes 14384, HA Seq 0, Seq Number 232, Pkt Loss 0<br> Authentication not configured<br> Authentication Failure: 0<br> Reload Peer: TX 0, RX 0<br> Resign: TX 0, RX 0<br> Active Peer: Present. Hold Timer: 10000<br> Pkts 220, Bytes 7480, HA Seq 0, Seq Number 229, Pkt Loss 0</pre> <p>最後一次確認是為了確保RII組ID已分配給每個介面。如果在兩台路由器上輸入此命令,則它們會進行雙重檢查,以確保裝置之間同一子網上的介面對分配了相同的RII ID。如果沒有使用相同的唯一RII ID配置連線,則連線不會在兩個裝置之間複製。請參見示例6。</p> <p><a class="auto_toc_anchor" name="anc14"></a></p> <h4>範例 6:確認已分配RII組ID</h4> <pre>ZBFW1# <strong>show redundancy rii</strong><br> No. of RIIs in database: 2<br> Interface RII Id decrement<br> Ethernet0/1 : <strong>200</strong> 0<br> Ethernet0/0 : <strong>100</strong> 0<br>!<br>ZBFW2# <strong>show redundancy rii</strong><br> No. 
of RIIs in database: 2<br> Interface RII Id decrement <br>Ethernet0/1 : <strong>200</strong> 0 <br>Ethernet0/0 : <strong>100</strong> 0</pre> <p><a class="auto_toc_anchor" name="anc15"></a></p> <h3>驗證連線是否複製到對等路由器</h3> <p>在示例7中,ZBFW1主動傳遞連線流量。連線已成功複製到備用裝置ZBFW2。若要檢視區域防火牆處理的連線,請使用<strong>show policy-firewall session</strong>命令。</p> <p><a class="auto_toc_anchor" name="anc16"></a></p> <h4>範例 7:已處理的連線</h4> <pre>ZBFW1#<strong>show policy-firewall session</strong><br> Session B2704178 (10.1.1.100:52980)=&gt;(203.0.113.100:23) tcp <br> SIS_OPEN/TCP_ESTAB<br> Created 00:00:31, Last heard 00:00:30<br> Bytes sent (initiator:responder) [<strong>37:79</strong>]<br> HA State: <strong>ACTIVE</strong>, RG ID: 1<br> Established Sessions = 1</pre> <pre>ZBFW2#<strong>show policy-firewall session</strong><br> Session B2601288 (10.1.1.100:52980)=&gt;(203.0.113.100:23) tcp <br> SIS_OPEN/TCP_ESTAB<br> Created 00:00:51, Last heard never<br> Bytes sent (initiator:responder) [<strong>0:0</strong>]<br> HA State: <strong>STANDBY</strong>, RG ID: 1<br> Established Sessions = 1</pre> <p>請注意,連線會複製,但傳輸的位元組不會更新。通過資料介面定期更新連線狀態(TCP資訊),以確保發生故障轉移事件時不會影響流量。</p> <p>如需更精細的輸出,請輸入<strong>show policy-firewall session zone-pair</strong> &lt;ZP&gt;<strong> ha</strong> 指令。它提供的輸出與示例7類似,但它允許使用者將輸出限製為僅指定區域對。</p> <p><a class="auto_toc_anchor" name="anc17"></a></p> <h3>收集調試輸出</h3> <p>本節介紹用於產生相關輸出的debug命令,以便對此功能進行疑難排解。</p> <p>在繁忙的路由器上,啟用調試可能造成很大的負載。因此,在啟用這些調試之前,您應該先瞭解其影響。</p> <ul> <li><strong>debug redundancy application group rii event</strong><br><br> 此命令用於確保連線與正確複製的RII組匹配。當流量到達ZBFW時,將檢查源介面和目標介面的RII組ID。然後,此資訊將通過資料鏈路傳輸到對等體。當備用對等體的RII組與活動單元對齊時,生成示例8中的系統日誌,並確認用於複製連線的RII組ID:<br><br><br><a class="auto_toc_anchor" name="anc18"></a><h4>範例 8:系統日誌</h4><br><pre><strong>debug redundancy application group rii event</strong><br><strong>debug redundancy application group rii error</strong><br>!<br>*Feb 1 21:13:01.378: [RG-RII-EVENT]: get idb: rii:100<br>*Feb 1 21:13:01.378: [RG-RII-EVENT]: get idb: rii:200</pre><br><br></li> 
<li><strong>debug redundancy application group protocol all</strong><br><br> 此命令是用來確認兩個對等點是否可看到彼此。對等IP地址在調試中確認。如示例9所示,ZBFW1看到其對等體處於IP地址為<strong>10.60.1.2</strong>的備用狀態。對於ZBFW2,情況正好相反。<br><br><br><a class="auto_toc_anchor" name="anc19"></a><h4>範例 9:確認調試中的對等IP</h4><br><br><pre><strong>debug redundancy application group protocol all</strong><br>!<br>ZBFW1#<br>*Feb 1 21:35:58.213: RG-PRTCL-MEDIA: RG Media event, rg_id=1, role=Standby, <br> addr=10.60.1.2, present=exist, reload=0, intf=Et0/2, priority=150.<br>*Feb 1 21:35:58.213: RG-PRTCL-MEDIA: [RG 1] [Active/Active] set peer_status 0.<br>*Feb 1 21:35:58.213: RG-PRTCL-MEDIA: [RG 1] [Active/Active] priority_event <br> 'media: low priority from standby', role_event 'no event'.<br>*Feb 1 21:35:58.213: RG-PRTCL-EVENT: [RG 1] [Active/Active] select fsm event, <br> priority_event=media: low priority from standby, role_event=no event.<br>*Feb 1 21:35:58.213: RG-PRTCL-EVENT: [RG 1] [Active/Active] process FSM event <br> 'media: low priority from standby'.<br>*Feb 1 21:35:58.213: RG-PRTCL-EVENT: [RG 1] [Active/Active] no FSM transition<br><br>ZBFW2#<br>*Feb 1 21:36:02.283: RG-PRTCL-MEDIA: RG Media event, rg_id=1, role=Active, <br> addr=10.60.1.1, present=exist, reload=0, intf=Et0/2, priority=200.<br>*Feb 1 21:36:02.283: RG-PRTCL-MEDIA: [RG 1] [Standby/Standby-hot] <br> set peer_status 0.<br>*Feb 1 21:36:02.283: RG-PRTCL-MEDIA: [RG 1] [Standby/Standby-hot] priority_event <br> 'media: high priority from active', role_event 'no event'.<br>*Feb 1 21:36:02.283: RG-PRTCL-EVENT: [RG 1] [Standby/Standby-hot] select <br> fsm event, priority_event=media: high priority from active, role_event=no event.<br>*Feb 1 21:36:02.283: RG-PRTCL-EVENT: [RG 1] [Standby/Standby-hot] process <br> FSM event 'media: high priority from active'.<br>*Feb 1 21:36:02.283: RG-PRTCL-EVENT: [RG 1] [Standby/Standby-hot] no FSM <br> transition</pre></li> </ul> <p><a class="auto_toc_anchor" name="anc20"></a></p> <h2>常見問題</h2> <p>本節詳細介紹遇到的一些常見問題。</p> <p><a 
class="auto_toc_anchor" name="anc21"></a></p> <h3>控制和資料介面選擇</h3> <p>以下是控制和資料VLAN的一些提示:</p> <ul> <li>請勿在ZBFW配置中包括控制介面和資料介面。它們僅用於相互通訊;因此,無需保護這些介面。不過,這些鏈路承載路由器狀態與連線複製資訊,而範例5的輸出顯示「Authentication not configured」,因此建議將它們置於兩台路由器之間專用且隔離的鏈路或VLAN上。</li> <li>控制介面和資料介面可以位於同一介面或VLAN上。這可節省路由器上的埠。</li> </ul> <p><a class="auto_toc_anchor" name="anc22"></a></p> <h3>缺席RII組</h3> <p>RII組必須應用於LAN和WAN介面。LAN介面必須位於同一子網中,但WAN介面可以位於不同的子網中。如果介面上沒有RII組,則在<strong>debug redundancy application group rii event</strong>和<strong>debug redundancy application group rii error</strong>的輸出中會出現此系統日誌:</p> <pre>000515: Dec 20 14:35:07.753 EST: FIREWALL*: RG not found for ID 0</pre> <p><a class="auto_toc_anchor" name="anc23"></a></p> <h3>自動容錯移轉</h3> <p>為了配置自動故障轉移,必須配置ZBFW HA以跟蹤服務級別協定(SLA)對象,並根據此SLA事件動態降低優先順序。在示例10中,ZBFW HA跟蹤GigabitEthernet0介面的<strong>鏈路狀態</strong>。如果此介面關閉,優先順序會降低,使對等裝置較為優先。</p> <p><strong>範例 10:ZBFW HA自動故障切換配置</strong></p> <pre>redundancy<br> application redundancy<br> group 1<br> name ZBFW_HA<br> preempt<br> priority 230<br> control Vlan801 protocol 1<br> data Vlan801<br> <strong>track 1 decrement 200</strong><br>!<br><strong>track 1 interface GigabitEthernet0 line-protocol</strong></pre> <pre>redundancy<br> application redundancy<br> group 1<br> name ZBFW_HA<br> preempt<br> priority 180<br> control Vlan801 protocol 1<br> data Vlan801</pre> <p>有時ZBFW HA不會自動進行故障切換,即使出現優先順序降低事件也是如此。這是因為兩台裝置都沒有設定<strong>preempt</strong>關鍵字。<strong>preempt</strong>關鍵字的功能與熱待命路由器協定(HSRP)或自適應安全裝置(ASA)故障轉移中的功能不同。在ZBFW HA中,如果裝置的優先順序發生變化,<strong>preempt</strong>關鍵字允許發生故障切換事件。<a onclick="s_objectID=&quot;http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_zbf/configuration/15-2mt/sec-data-zbf-ha.htm_1&quot;;return this.s_oc?this.s_oc(e):true" href="//www.cisco.com/en/US/docs/ios-xml/ios/sec_data_zbf/configuration/15-2mt/sec-data-zbf-ha.html#GUID-A450304A-DC96-4E40-854F-7D9B219113EA" rel="nofollow">安全配置指南:</a><a onclick="s_objectID=&quot;http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_zbf/configuration/15-2mt/sec-data-zbf-ha.htm_1&quot;;return this.s_oc?this.s_oc(e):true" 
href="//www.cisco.com/en/US/docs/ios-xml/ios/sec_data_zbf/configuration/15-2mt/sec-data-zbf-ha.html#GUID-A450304A-DC96-4E40-854F-7D9B219113EA" rel="nofollow">基於區域的策略防火牆,Cisco IOS版本15.2M&amp;T</a>。以下是「基於區域的策略防火牆高可用性」一章的摘錄:</p> <p>「在其他情況下可能會切換到備用裝置。另一個可能導致切換的因素是可以在每台裝置上配置的優先順序設定。具有最高優先順序值的裝置是活動裝置。如果活動或備用裝置發生故障,裝置的優先順序將減少一個可配置的量,稱為權重。如果主用裝置的優先順序低於備用裝置的優先順序,則會發生切換,備用裝置成為主用裝置。可以通過禁用冗餘組的搶佔屬性來覆蓋此預設行為。您也可以將每個介面配置為在介面的第1層狀態關閉時降低優先順序。配置的優先順序會覆蓋冗餘組的預設優先順序。」</p> <p>這些輸出指示正確的狀態:</p> <pre>ZBFW01#<strong>show redundancy application group 1</strong><br>Group ID:1<br>Group Name:ZBFW_HA<br><br>Administrative State: No Shutdown<br>Aggregate operational state : Up<br>My Role: <strong>ACTIVE</strong><br>Peer Role: <strong>STANDBY</strong><br>Peer Presence: Yes<br>Peer Comm: Yes<br>Peer Progression Started: Yes<br><br>RF Domain: btob-one<br> RF state: ACTIVE<br> Peer RF state: STANDBY HOT<br><br>ZBFW01#<strong>show redundancy application faults group 1</strong><br>Faults states Group 1 info:<br> Runtime priority: <strong>[230]</strong><br> RG Faults RG State: Up.<br> Total # of switchovers due to faults: 0<br> Total # of down/up state changes due to faults: 0</pre> <p>這些日誌是在ZBFW上生成的,未啟用任何調試。此日誌顯示裝置何時變為活動狀態:</p> <pre>*Feb 1 21:47:00.579: %RG_PROTOCOL-5-ROLECHANGE: RG id 1 role change from <br> Init to Standby<br>*Feb 1 21:47:09.309: %RG_PROTOCOL-5-ROLECHANGE: RG id 1 role change from Standby<br> to Active<br>*Feb 1 21:47:19.451: %RG_VP-6-BULK_SYNC_DONE: RG group 1 BULK SYNC to standby <br> complete.<br>*Feb 1 21:47:19.456: %RG_VP-6-STANDBY_READY: RG group 1 Standby router is in <br> SSO state</pre> <p>此日誌顯示裝置何時進入待機狀態:</p> <pre>*Feb 1 21:47:07.696: %RG_VP-6-BULK_SYNC_DONE: RG group 1 BULK SYNC to standby <br> complete.<br>*Feb 1 21:47:07.701: %RG_VP-6-STANDBY_READY: RG group 1 Standby router is in <br> SSO state<br>*Feb 1 21:47:09.310: %RG_PROTOCOL-5-ROLECHANGE: RG id 1 role change from Active <br> to Init<br>*Feb 1 21:47:19.313: %RG_PROTOCOL-5-ROLECHANGE: RG id 1 role change from <br> 
Init to Standby</pre> <p><a class="auto_toc_anchor" name="anc24"></a></p> <h3>非對稱路由</h3> <p>非對稱路由支援在<a onclick="s_objectID=&quot;http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_zbf/configuration/15-2mt/sec-data-zbf-ha.htm_1&quot;;return this.s_oc?this.s_oc(e):true" href="//www.cisco.com/en/US/docs/ios-xml/ios/sec_data_zbf/configuration/15-2mt/sec-data-zbf-ha.html#GUID-877C5BD5-76FD-40C7-9063-016354A9BB01" target="_self" rel="nofollow">非對稱路由支援</a>指南中列出。</p> <p>要配置非對稱路由,請將功能新增到冗餘應用組全域性配置和介面子配置中。必須注意的是,不能在同一介面上啟用非對稱路由和RG,因為它不受支援。這是因為非對稱路由的工作原理。當介面被指定進行非對稱路由時,它不能作為該點的HA連線複製的一部分,因為路由不一致。配置RG會混淆路由器,因為RG指定介面是HA連線複製的一部分。</p> <p><a class="auto_toc_anchor" name="anc25"></a></p> <h4>範例 11:非對稱路由配置</h4> <pre>redundancy<br> application redundancy<br> group 1<strong><br> asymmetric-routing interface Ethernet0/3<br><br></strong>interface Ethernet0/1<strong><br> redundancy asymmetric-routing enable</strong></pre> <p>此組態必須應用於HA對中的兩台路由器。</p> <p>前面列出的<strong>Ethernet0/3</strong>介面是兩台路由器之間的新專用鏈路。此連結專門用於在兩台路由器之間傳遞非對稱路由流量。因此,它應該是相當於面向外部介面的專用鏈路。</p> <p><a class="auto_toc_anchor" name="anc26"></a></p> <h2>相關資訊</h2> <ul> <li><strong><a onclick="s_objectID=&quot;http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_zbf/configuration/15-2mt/sec-data-zbf-ha.html_1&quot;;return this.s_oc?this.s_oc(e):true" href="//www.cisco.com/en/US/docs/ios-xml/ios/sec_data_zbf/configuration/15-2mt/sec-data-zbf-ha.html" rel="nofollow">安全配置指南:基於區域的策略防火牆,Cisco IOS版本15.2M&amp;T</a></strong></li> <li><strong><a onclick="s_objectID=&quot;http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_zbf/configuration/15-2mt/sec-data-zbf-ha.htm_2&quot;;return this.s_oc?this.s_oc(e):true" href="//www.cisco.com/en/US/docs/ios-xml/ios/sec_data_zbf/configuration/15-2mt/sec-data-zbf-ha.html#GUID-F326B0D9-F53A-46DE-97FD-F7B5D6709DB8?referring_site=bodynav" rel="nofollow">基於區域的策略防火牆高可用性安全配置指南</a></strong></li> <li><strong><a 
onclick="s_objectID=&quot;http://www.cisco.com/en/US/partner/products/ps11746/tsd_products_support_series_home.html?referri_1&quot;;return this.s_oc?this.s_oc(e):true" href="//www.cisco.com/en/US/partner/products/ps11746/tsd_products_support_series_home.html?referring_site=bodynav" rel="nofollow">Cisco IOS 15.2M&amp;T</a></strong></li> <li><strong><a onclick="s_objectID=&quot;http://www.cisco.com/en/US/products/sw/secursw/ps1018/tsd_products_support_series_home.html?refer_1&quot;;return this.s_oc?this.s_oc(e):true" href="//www.cisco.com/en/US/products/sw/secursw/ps1018/tsd_products_support_series_home.html?referring_site=bodynav" rel="nofollow">Cisco IOS 防火牆</a></strong></li> <li><strong><a onclick="s_objectID=&quot;http://www.cisco.com/en/US/support/tsd_products_field_notice_summary.html?referring_site=bodynav_1&quot;;return this.s_oc?this.s_oc(e):true" href="//www.cisco.com/en/US/support/tsd_products_field_notice_summary.html?referring_site=bodynav" rel="nofollow">安全產品現場通知</a></strong></li> <li><strong><a onclick="s_objectID=&quot;http://www.cisco.com/cisco/web/support/index.html?referring_site=bodynav_1&quot;;return this.s_oc?this.s_oc(e):true" href="//www.cisco.com/cisco/web/support/index.html?referring_site=bodynav" rel="nofollow">技術支援與文件 - Cisco Systems</a></strong></li> </ul> </div> <div id="eot-revision-history"> <h3>修訂記錄</h3> <div style="overflow-x: auto;"> <table border="1" id="erh-table"> <tbody> <tr> <th>修訂</th> <th>發佈日期</th> <th>意見</th> </tr> <tr class="published"> <td><div align="center">1.0</div></td> <td><div align="center">05-Nov-2013</div></td> <td><div align="left">初始版本</div></td> </tr> </tbody> </table> </div> </div> <div class="eot-authors"> <h3 class="eot-authors-heading">由思科工程師貢獻</h3> <ul> <li><div class="eot-authors-name"> Adam Makovecz, Rama Darbha, and Jay Johnston</div><div class="eot-authors-org"> Cisco TAC Engineers.</div></li> </ul> </div> <div class="eot-tdatp"> <h3>本文件適用於這些產品</h3> <ul class="eot-tdatp-list"> <li><a href="/c/zh_tw/support/security/ios-firewall/series.html">IOS Firewall</a></li> </ul> </div> </body> </html>
