Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

HA on Juniper SRX650

Posted on 2010-11-25
10
Medium Priority
?
1,546 Views
Last Modified: 2012-05-10
Hi Experts,

I have a few questions regarding configuring HA on Juniper SRX650.

1. How do I remotely manage SRX650?
2. Is reth1.0 IP 1.2.0.233 actually the WAN IP in the network diagram in the KB article?
http://kb.juniper.net/InfoCenter/index?page=content&id=KB15503

Thanks,

Jimmy
0
Comment
Question by:jimmy1829
  • 4
  • 4
10 Comments
 
LVL 18

Accepted Solution

by:
deimark earned 2000 total points
ID: 34214862
You manage the SRX cluster using the fxp0 interface.  This is designed as the management network for "out of band" managemet.

IN the diagram you posted, the reth1.0 is indeed the wan connection.

The reth is a psuedo interface made up of 2 child interfaces, 1 on each node,  Think of it is like an active passive interface, where only one interface on one node is the active reth in the diagram.

For the management of the node, configure the fxp0 interface
0
 

Author Comment

by:jimmy1829
ID: 34215031
Thanks deimark,
So that means I need to configure a WAN IP on fxp0 for remote management, is that correct?
0
 
LVL 18

Expert Comment

by:deimark
ID: 34216758
Nope. The fxp0 is ONLY for management bud. It cannot be used for transit traffic.

Clustering on srx requires 3 clustering interfaces. The mgmt link on fxp0 and also 2 sync connections for the control and data planes. None of these cluster links can be used for production traffic. It is a bit of a drawback that on the branch office devices you end up losing 3 revenue ports for the clustering but on the high end devices the mgmt and control connections are on specific ports.

Hth
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 

Author Comment

by:jimmy1829
ID: 34220412
Thanks again, and I guess I have a little confusion regarding "management"
Since fxp0 is for management, do I physically connect it somewhere?
If I want to configure the firewall via J-Web portal through the internet, what IP should use, and which port should I configure this IP on?

Jimmy
0
 
LVL 18

Expert Comment

by:deimark
ID: 34220467
The mgmt net is a net specifically designed for log and control traffic. Historically this was used in more service provider areas so that this extra traffic did not touch the production customer networks. You can still use the reth interfaces for j web and ssh but this will only ever take you to the active routing engine. That us why we use the fxp0 to allow us to connect to both nodes. P
0
 

Author Comment

by:jimmy1829
ID: 34220502
Then how do I  physically connect fxp0 interfaces? For instance, I want to manage each individual node via internet.
Thanks!
0
 
LVL 18

Assisted Solution

by:deimark
deimark earned 2000 total points
ID: 34222035
The fxp0 interface connects to a specific mgmt network  This network is not normally accessible via the internet.

If you want to manage both from the internet then you will need to connect to the active routing engine, then ssh across to the standby node using the fxp0 address.

The fxp0 interface was not designed for complete external mgmt unless you add routes on your other network devices to send the fxp0 traffic to the mgmt network,.

However, you will only normally ever have to connect to the active node for normal config changes and monitoring.
0
 

Author Comment

by:jimmy1829
ID: 34222125
Great! Thanks deimark for the prompt answer!
I will give it a try, and let you know how everything goes.
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 34421436
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question