SRX 240 Cluster setup

rogierg · ‎04-12-2011

Just got my 2 SRX 240's, I upgraded them both to Junos 11.1 and now I'm having issues with setting them up in a cluster. When I try to disable switching on the firewalls I get an error at the following command:

delete interfaces interface-range interfaces-trust

When I reboot the firewall with this setup it complains about ge-0/0/1 not being available and then tells me the commit did not complete.

Interface control process: [edit interfaces]
Interface control process: 'ge-0/0/1'
Interface control process: HA control port cannot be configured

Warning: Commit failed, activating partial configuration.
Warning: Edit the router configuration to fix these errors.

The annoying thing is both SRX's are in a completely factory setup, is this known behavior?

aweck · ‎07-24-2009

When you put the device into cluster mode, several of the interfaces on branch-level SRXs turn into specific HA ports http://www.juniper.net/techpubs/en_US/junos11.1/information-products/topic-collections/security/soft...). You'll need to remove references to these interfaces in the configuration. On the SRX240, ge-0/0/1 turns into the HA control link.

Juniper Elite Partner
JNCIE-ENT #63, JNCIE-SP #705, JNCIE-SEC #17, JNCIS-FWV, JNCIS-SSL

rogierg · ‎04-12-2011

Sorry about the slow reply, I opened a ticket with support and they quickly resolved my issue. Turned out the default vlan was mentioned in system/services/web-management/http and that this caused the error.

Basically you have to remove all interfaces and anything referring to the default vlan. Then set up your cluster, reboot and recreate the interfaces.

SRX 240 Cluster setup

Re: SRX 240 Cluster setup

Re: SRX 240 Cluster setup