SRX

New Juniper user here, I'm migrating our network from Cisco equipment to Juniper.

I've got two SRX240H's that I'd like to cluster, but I've got some questions about the subject.  I'm relatively new to Juniper equipment and have been reading through piles of documentation, so forgive me if these are somewhat ignorant questions...

When configuring two firewalls for active/active HA, will config changes between the two be shared?  That is, if I change a rule/filter on one, will it propagate to the other?

Can I configure one of the firewalls, put it into production, then cluster it with the other at a later time?

Thanks!

Just a quick heads up. Chassis clustering (JSRP) won't be supported on SRX240 until 9.6.

But in a nutshell, to answer your question, chassis cluster will treat both nodes of the cluster as a single logical chassis. So configurations on both nodes will be identical. At any given time you will have only one node have RE primary (for redundancy group 0) and the primary will control all interfaces on both nodes. So any config changes one one node will be propogated to the other no matter which node you make the change on.

That said, you can configure one firewall and then add the second cluster member at a later time. However I always advise that when adding a new node to the cluster to reboot both nodes at the same time to start clean.

-Richard