06-15-2011 12:49 AM - edited 06-15-2011 01:07 AM
Just got my 2 SRX 240's, I upgraded them both to Junos 11.1 and now I'm having issues with setting them up in a cluster. When I try to disable switching on the firewalls I get an error at the following command:
delete interfaces interface-range interfaces-trust
When I reboot the firewall with this setup it complains about ge-0/0/1 not being available and then tells me the commit did not complete.
Interface control process: [edit interfaces]
Interface control process: 'ge-0/0/1'
Interface control process: HA control port cannot be configured
Warning: Commit failed, activating partial configuration.
Warning: Edit the router configuration to fix these errors.
The annoying thing is both SRX's are in a completely factory setup, is this known behavior?
06-15-2011 02:14 AM
When you put the device into cluster mode, several of the interfaces on branch-level SRXs turn into specific HA ports http://www.juniper.net/techpubs/en_US/junos11.1/information-products/topic-collections/security/soft...). You'll need to remove references to these interfaces in the configuration. On the SRX240, ge-0/0/1 turns into the HA control link.
JNCIE-ENT #63, JNCIE-SP #705, JNCIE-SEC #17, JNCIS-FWV, JNCIS-SSL
06-17-2011 02:00 AM
Sorry about the slow reply, I opened a ticket with support and they quickly resolved my issue. Turned out the default vlan was mentioned in system/services/web-management/http and that this caused the error.
Basically you have to remove all interfaces and anything referring to the default vlan. Then set up your cluster, reboot and recreate the interfaces.