华为防火墙vrrp+hrp双机热备负载分担（两端为交换机）

主要配置：

FW1

hrp enable
hrp interface GigabitEthernet1/0/2 remote 172.16.0.2
hrp mirror sessio enable //在负载分担模式下一般要开启快速会话备份功能

interface GigabitEthernet1/0/0
这里可以假想为接两条外线，一条外线对应一个vrrid
undo shutdown
ip address 1.1.1.2 255.255.255.0
vrrp vrid 3 virtual-ip 1.1.1.1 active
vrrp vrid 4 virtual-ip 1.1.1.8 standby

这里假想为一个vrrid对应一个vlan，为了节省时间就vrip写成一个段了。
interface GigabitEthernet1/0/1
undo shutdown
ip address 10.1.1.2 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.1 active
vrrp vrid 2 virtual-ip 10.1.1.8 standby

interface GigabitEthernet1/0/2
undo shutdown
ip address 172.16.0.1 255.255.255.0

firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
add interface GigabitEthernet1/0/1

firewall zone untrust
set priority 5
add interface GigabitEthernet1/0/0

firewall zone dmz
set priority 50
add interface GigabitEthernet1/0/2

security-policy //暂时全允许
default action permit

FW2:

hrp enable
hrp interface GigabitEthernet1/0/2 remote 172.16.0.1
hrp mirror sessio enable //在负载分担模式下一般要开启快速会话备份功能

interface GigabitEthernet1/0/0
undo shutdown
ip address 1.1.1.3 255.255.255.0
vrrp vrid 3 virtual-ip 1.1.1.1 standby
vrrp vrid 4 virtual-ip 1.1.1.8 active

interface GigabitEthernet1/0/1
undo shutdown
ip address 10.1.1.3 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.1 standby
vrrp vrid 2 virtual-ip 10.1.1.8 active

interface GigabitEthernet1/0/2
undo shutdown
ip address 172.16.0.2 255.255.255.0

firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
add interface GigabitEthernet1/0/1

firewall zone untrust
set priority 5
add interface GigabitEthernet1/0/0

firewall zone dmz
set priority 50
add interface GigabitEthernet1/0/2

security-policy
default action permit

查看：
dis hrp state verbose