SRX

Hi

 

In an active/passive SRX cluster, if you are unabl eto log into the primary node, can you make changes on secondary node and have them sync to the primary node?

 

Also is there command similar to Cisco ASA's 

failover exec mate using which you can send commands to the peer?

 

Thanks!

commit synchronize

It should be the default anyways. Check to see if you can add this comman:

#set system commit synchronize

Dont know about the other command

Making the change in standby fw and then syncing it to the active fw wouldn't cause any issues like breaking the cluster, would it?

No cluster would still be fine and both nodes synched. Only thing you would need be aware is if you are making changes to policies that would affect existing sessions then for sure those sessions would be affected. BTW, is it a bug or just IP change that is preventing you from accessing main node? And what happens to console connection?

Hi lyndidon

 

thanks for your reply. I couldn't access the primary node inband or via OOB. I just wanted to see if we can still make changes via secondary node while we work on inband/OOB to the primary node

 

Thank you!

Okay. no problem 🙂

Hi there,

 

If you can only connect to the secondary node, try either of the two commands below for access to the master:

 

user@node> request routing-engine login node 1
?
--- JUNOS 12.1X44-D20.3 built 2013-07-19 03:52:31 UTC
No alarms currently active

{secondary:node1}
user@node> exit

rlogin: connection closed

{primary:node0}
user@node> start shell
% rlogin -T node1
?
--- JUNOS 12.1X44-D20.3 built 2013-07-19 03:52:31 UTC
No alarms currently active

{secondary:node1}
user@node>

 

The above method is the reverse of your issue, however I just happened to be logged into the primary of my cluster.

 

I hope that this is of help,