SRX Services Gateway

Known issue Chassis cluster and VPN through NAT device fix or not in JUNOS 10.4R3 on SRX series?

‎04-20-2011 09:51 PM

Dear all.

There are two issues that make me concerned about whether to buy an SRX or not.

1. The SRX chassis cluster failover known issue.

     I checked the release notes of stable JUNOS 10.4R3.4:

     "During manual failover, a system crash might occur if the nodes have not completely recovered from a previous failover."

     Is this a big issue when triggering a failover on the cluster, or are there more issues with SRX clusters?

 

2. Does the SRX VPN function support NAT devices in front of the SRX device in JUNOS 10.4R3 or not?

    I checked the release notes and haven't found a note on this.

 

Thanks for your reply!

Solution
Accepted by topic author clam29
‎08-26-2015 01:27 AM

Re: Known issue Chassis cluster and VPN through NAT device fix or not in JUNOS 10.4R3 on SRX serie

‎04-21-2011 04:22 AM

1) is not a big concern. Standard operating procedure is to establish the health of the cluster before any manual failover; therefore, as long as procedures are being followed, you are not going to see this crash.

 

2) Yes, NAT-T is supported for remote peers. Your central HQ "VPN Hub" should be reachable on a direct public IP, of course, the same way that ScreenOS behaves.

 

One of the biggest challenges for SRX today, particularly when clustered, is UTM stability and behavior during failover. If what you have in mind is basic Layer 4 firewalling + IPSEC, it will work great.

 

Also keep in mind that "dual ISP without dynamic routing protocol" is supported today, but difficult to set up, and with limitations. If you use BGP towards your ISPs, you are golden; ditto if you only have one ISP.