Configuration Library
Configuration Library

High availability configuration between juniper and other vendors equipements

‎03-14-2014 08:22 AM

Hi ,

a costumer need to configure two firewalls to assure high availability , he has a Cisco asa 5510 firewall .
There is any solution to add juniper srx or ssg firewall as a standby to the existing firewall ? 

2 REPLIES 2
Configuration Library

Re: High availability configuration between juniper and other vendors equipements

‎03-14-2014 10:10 AM

You could construct a backup firewall for the ASA 5510.  The roughly equivilent hardware would be either the SSG140 or SRX240.

 

But this would require an ongoing manual effort to keep the security policy and routing configurations in sync between the ASA and the Juniper.  There is no way to automate configuration changes from such a different platform.

 

If the goal is high availability, I would think you really need two devices of the same hardware running a full configuration sync automatically.

 

In Juniper SSG that is the NSRP cluster and in the SRX you configure the JSRP cluster.

 

I don't know if the ASA offers something similar or not.

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
Configuration Library

Re: High availability configuration between juniper and other vendors equipements

‎03-21-2014 09:53 AM
Using two different firewalls from two different vendors at the same site for purposes of active/standby would be an absolute nightmare to manage. This is something I would encourage my worst enemies to do. :-)

ASA 5510 does support clustering in active / active or active / standby.