Solved

HA on Juniper SRX650

Posted on 2010-11-25
Last Modified: 2012-05-10
Hi Experts,

I have a few questions regarding configuring HA on Juniper SRX650.

1. How do I remotely manage SRX650?
2. Is reth1.0 IP 1.2.0.233 actually the WAN IP in the network diagram in the KB article?
http://kb.juniper.net/InfoCenter/index?page=content&id=KB15503

Thanks,

Jimmy
0
Question by:jimmy1829
10 Comments
 
LVL 18

Accepted Solution

by:
deimark earned 500 total points
ID: 34214862
You manage the SRX cluster using the fxp0 interface. This is designed as the management network for "out of band" management.

In the diagram you posted, the reth1.0 is indeed the WAN connection.

The reth is a pseudo interface made up of 2 child interfaces, 1 on each node. Think of it like an active passive interface, where only one interface on one node is the active reth in the diagram.

For the management of the node, configure the fxp0 interface.
0
 

Author Comment

by:jimmy1829
ID: 34215031
Thanks deimark,
So that means I need to configure a WAN IP on fxp0 for remote management, is that correct?
0
 
LVL 18

Expert Comment

by:deimark
ID: 34216758
Nope. The fxp0 is ONLY for management bud. It cannot be used for transit traffic.

Clustering on srx requires 3 clustering interfaces. The mgmt link on fxp0 and also 2 sync connections for the control and data planes. None of these cluster links can be used for production traffic. It is a bit of a drawback that on the branch office devices you end up losing 3 revenue ports for the clustering but on the high end devices the mgmt and control connections are on specific ports.

Hth
0
 

Author Comment

by:jimmy1829
ID: 34220412
Thanks again, and I guess I have a little confusion regarding "management"
Since fxp0 is for management, do I physically connect it somewhere?
If I want to configure the firewall via J-Web portal through the internet, what IP should I use, and which port should I configure this IP on?

Jimmy
0
 
LVL 18

Expert Comment

by:deimark
ID: 34220467
The mgmt net is a net specifically designed for log and control traffic. Historically this was used in more service provider areas so that this extra traffic did not touch the production customer networks. You can still use the reth interfaces for J-Web and ssh but this will only ever take you to the active routing engine. That is why we use the fxp0 to allow us to connect to both nodes.
0
 

Author Comment

by:jimmy1829
ID: 34220502
Then how do I physically connect fxp0 interfaces? For instance, I want to manage each individual node via internet.
Thanks!
0
 
LVL 18

Assisted Solution

by:deimark
deimark earned 500 total points
ID: 34222035
The fxp0 interface connects to a specific mgmt network. This network is not normally accessible via the internet.

If you want to manage both from the internet then you will need to connect to the active routing engine, then ssh across to the standby node using the fxp0 address.

The fxp0 interface was not designed for complete external mgmt unless you add routes on your other network devices to send the fxp0 traffic to the mgmt network.

However, you will only normally ever have to connect to the active node for normal config changes and monitoring.
0
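The management layout described in this thread, written out as Junos `set` commands. This is an added example, not configuration from the posts or from the KB article. It assumes the WAN reth sits in a zone named `untrust`; every address, host name, prefix-list name and filter name below is a constructed placeholder.

```junos
# Per-node out-of-band management: each node gets its own fxp0 address
# (192.0.2.0/24 stands in for the dedicated mgmt network)
set groups node0 system host-name srx650-a
set groups node0 interfaces fxp0 unit 0 family inet address 192.0.2.11/24
set groups node1 system host-name srx650-b
set groups node1 interfaces fxp0 unit 0 family inet address 192.0.2.12/24
set apply-groups "${node}"

# Lets the secondary node's fxp0 answer admin hosts that sit outside
# the mgmt subnet (the "add routes" case from the answer above)
set groups node0 system backup-router 192.0.2.1 destination 198.51.100.0/24
set groups node1 system backup-router 192.0.2.1 destination 198.51.100.0/24

# In-band access through the WAN reth reaches only the active node.
# Permit SSH alone on that zone; J-Web (http/https) is left off.
set system services ssh
set security zones security-zone untrust interfaces reth1.0 host-inbound-traffic system-services ssh

# Restrict who may open SSH to the routing engine at all:
# the mgmt subnet plus one admin prefix, everything else dropped
set policy-options prefix-list MGMT-SOURCES 192.0.2.0/24
set policy-options prefix-list MGMT-SOURCES 198.51.100.0/24
set firewall family inet filter PROTECT-RE term ssh-allowed from source-prefix-list MGMT-SOURCES
set firewall family inet filter PROTECT-RE term ssh-allowed from protocol tcp
set firewall family inet filter PROTECT-RE term ssh-allowed from destination-port ssh
set firewall family inet filter PROTECT-RE term ssh-allowed then accept
set firewall family inet filter PROTECT-RE term ssh-other from protocol tcp
set firewall family inet filter PROTECT-RE term ssh-other from destination-port ssh
set firewall family inet filter PROTECT-RE term ssh-other then discard
set firewall family inet filter PROTECT-RE term everything-else then accept
set interfaces lo0 unit 0 family inet filter input PROTECT-RE
```

Apply with `commit confirmed` so a mistake in the filter rolls back instead of locking out remote access.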
 

Author Comment

by:jimmy1829
ID: 34222125
Great! Thanks deimark for the prompt answer!
I will give it a try, and let you know how everything goes.
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 34421436
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
0
