05-17-2012 05:35 AM
i have few queries as under:
1. if i have 2xSRX3400 and i dont take SCM module, am i still able to make them in cluster A/A or A/P while using one control and one data link???
2. if i install SCM on each device then i can use 2xcontrol links and 2xdata links in order to make redundancy in HA
3. whether the devices configured in A/A or A/P, i need to have 2xIDP licenses, one for each device because one IDP license is only for one box and it does not have to do anyting with A/A or A/P cluster?
4. if i buy Appsecure license, it is also one appsecure for one device?
5. can i use both IDP and Appsecure on a single SRX3400?
i will really appreicate your response. thanks
Solved! Go to Solution.
05-17-2012 06:18 AM
1. Yes. WIthout the SCM you can still have dual data links as well.
3. Yes, you have to license each route engine, so one license per chassis.
5. Absolutely. Actually, if you buy the current AppSecure license it enables both IPS and AppSec so no need to buy both.
To expand on #1: today, we only support a single RE per chassis. If you have a chassis cluster and one RE fails that chassis will shut down - this is because the RE provides chassis-maintenance functions (monitor temperature, tell the fans how fast to spin, etc). The SCM can also provide those chassis maintenance functions, so if you have an RE and SCM in a chassis cluster and the RE fails, then the forwarding plane can remain online. The SCM won't act as a full RE (so you have to be in a cluster so you can fail to the other chassis's RE), but it will perform the basic chassis maintenance functions that will allow the chassis to stay online without its own RE. The SCM also enables the backup control plane sync so you can run redundant control links.
05-17-2012 06:25 AM
3. You need an IDP license on each box as the license is "per device"
4.You will need an App Secure license on each device.
5. Yes, if you have both IDP and Appsecure, downloading the IDP signatures will include the application signatures.