SRX Services Gateway
Showing results for 
Search instead for 
Do you mean 
New User
Posts: 1
Registered: ‎07-22-2011
0 Kudos

To VC the SRX nodes or not?

I'm confused whether it is better practice to deploy SRX/NSM in VC mode single IP or as a cluster of two nodes with two IPs.  It seems that there are two good reasons *not* to VC:


1) Logging in VC mode does not allow real time sync as logging data does not traverse fxp0.

2)  Individual node status in NSM seems more complete in cluster-from-nodes than VC. 








Super Contributor
Posts: 353
Registered: ‎04-30-2010
0 Kudos

Re: To VC the SRX nodes or not?

If your design allows it - that is, true out-of-band network to communicate with fxp0, and a separate NIC on NSM for communicating to the Internet / receiving stream logs - then I'd manage via fxp0 instead of via VC.


Also, afaik, VC is only on option on Branch, not on Highend SRX.


Super Contributor
Posts: 498
Registered: ‎03-29-2008
0 Kudos

Re: To VC the SRX nodes or not?

One more thing to think about when doing VC mode: Updating the SRX cluster with new Junos releases from NSM is not supported (it will do the update but only on one box, leaving your cluster in undefined state). 


Unfortunately, managing SRXs through fxp0 is too much of a hassle too. 


Juniper really needs to do something about this.


Twitter: @cryptochrome