Intrusion Prevention
Reply
Contributor
JNCIS
Posts: 21
Registered: ‎03-09-2011
0

IDP 800 Scenario

I have two IDP 800 connected each other to form HA. These IDPs are approx 1 KM apart. Can I run HA on fiber? As far as I know we can do HA on fiber in case of firewall as well as IDP. Do I need any media converters? Is there any document available for this.

Enclosed is the nw diagram.

 

Regards,

 

 

 

Juniper Employee
Easwar
Posts: 13
Registered: ‎06-29-2009
0

Re: IDP 800 Scenario

Hi,

 

All the HA State sync ports in platforms IDP 250, 800, 8200, 600C/F and 1100C/F supports ONLY 1G copper interfaces. As of now there is no standalone IDP platform which can support HA on fiber interfaces.

 

Since we support only third party HA in version 5.1 without HA state sync interface as well HA will continue to work since the failover is done by the third party device in your case the firewall or the l2 switch. But without state sync interface after failover all the sessions will be treated as new sessions from the active to passive idp.

 

Thanks,

Easwar

Contributor
JNCIS
Posts: 21
Registered: ‎03-09-2011
0

Re: IDP 800 Scenario

Hi,

Thanks for your reply. But then we have 4 port SFP card available for IDP. Meaning that we can connect two standalone IDPs over fiber. Do my scenario work for A/P?

 

Awaiting your reply.

 

 

Juniper Employee
Easwar
Posts: 13
Registered: ‎06-29-2009
0

Re: IDP 800 Scenario

Yes, we do support HA on 4 port fiber with and without bypass cards. Its just that the HA state sync ports cannot be connected using fiber cables. 

 

Thanks,

Easwar

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.