Idea:
IP, routing, and ospf need to be configured separately on two firewalls. HRP will not be synchronized.
Other zones and policies will be synchronized. Just configure them on the master.
FW_A main configuration:
hrp enable
hrp interface GigabitEthernet1/0/2 remote 172.16.0.2
interface GigabitEthernet1/0/0
undo shutdown
ip address 12.1.1.1 255.255.255.0
service-manage ping permit
interface GigabitEthernet1/0/1
undo shutdown
ip address 1.1.1.2 255.255.255.0
service-manage ping permit
interface GigabitEthernet1/0/2
undo shutdown
ip address 172.16.0.1 255.255.255.0
service-manage ping permit
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
add interface GigabitEthernet1/0/0
firewall zone untrust
set priority 5
add interface GigabitEthernet1/0/1
firewall zone dmz
set priority 50
add interface GigabitEthernet1/0/2
ospf 1
default-route-advertise //Both the active and backup servers must issue
area 0.0.0.0
network 12.1.1.1 0.0.0.0
ip route-static 0.0.0.0 0.0.0.0 1.1.1.5
security-policy
default action permit
nat-policy //Only configured on the primary, HRP will be automatically synchronized to the backup
rule name internet
source-zone trust
destination-zone untrust
source-address 10.1.1.0 mask 255.255.255.0
action source-nat easy-ip
FW_B main configuration
hrp enable
hrp standby-device //Specify yourself as the standby
hrp interface GigabitEthernet1/0/2 remote 172.16.0.1
interface GigabitEthernet1/0/0
undo shutdown
ip address 11.1.1.1 255.255.255.0
service-manage ping permit
interface GigabitEthernet1/0/1
undo shutdown
ip address 1.1.1.1 255.255.255.0
service-manage ping permit
interface GigabitEthernet1/0/2
undo shutdown
ip address 172.16.0.2 255.255.255.0
service-manage ping permit
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
add interface GigabitEthernet1/0/0
firewall zone untrust
set priority 5
add interface GigabitEthernet1/0/1
firewall zone dmz
set priority 50
add interface GigabitEthernet1/0/2
ospf 1
default-route-advertise
area 0.0.0.0
network 11.1.1.1 0.0.0.0
ip route-static 0.0.0.0 0.0.0.0 1.1.1.5
security-policy
default action permit
nat-policy
rule name internet
source-zone trust
destination-zone untrust
source-address 10.1.1.0 mask 255.255.255.0
action source-nat easy-ip