Can anyone tell/confirm/deny for me IF it is possible to manage an SRX cluster on a 'revenue'/data port and NOT on the fxp0/mgmt port? I have a very small network, 4 VLANs that I am looking to take off of a switch and move 'up' to a firewall, which would now be the top layer of the infrastructure and hold all of the gateways at the interface/zone level. I don't have another network to assign on the MGMT/FXP0 ports, so I'd rather not have to use it if I don't need to. All of the traffic here is internal and there shouldn't even be a need for any routes, as everything to/from anything else has to pass the firewall, which knows where to route to.
I suppose if a revenue port cannot also be used as a management port I could just configure the fxp0 ports in the groups statements with some random local network and put a dedicated workstation on that subnet to manage it, but I would obviously prefer not to if I can just use one of the reth interfaces to manage via ssh/jweb.
Yes, it is possible to manage the SRX via a revenue/data port. Just allow ssh/https etc. in host inbound traffic for the particular zone and then you can log in to the primary node. One caveat is that you cannot directly log in to the secondary node from your PC. If you want to log in to the secondary node, first log in to the primary node, then log in to the secondary using the "request routing-engine......" command.
Thanks,
Nellikka
JNCIE x3 (SEC #321; SP #2839; ENT #790)
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
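
The approach in the answer above, written out as Junos set commands. This is an added example, not part of the original posts; the zone name MGMT-LAN, the interface reth1.0 and the address 10.0.10.1/24 are assumptions chosen for illustration.

```junos
# Constructed example: in-band management of an SRX chassis cluster over a
# reth interface. Zone name, interface and address below are assumptions.

# Enable the management daemons themselves. Without these, opening
# host-inbound-traffic alone gives nothing to connect to.
set system services ssh
set system services web-management https system-generated-certificate

# Bind J-Web to the one interface used for management so the web server
# does not listen on every interface of the firewall.
set system services web-management https interface reth1.0

# Gateway address of the VLAN the admin workstation sits in.
set interfaces reth1 unit 0 family inet address 10.0.10.1/24

# Put the interface in its zone and permit only the management services
# there. Setting host-inbound-traffic at interface level overrides the
# zone-level setting for that interface, so other interfaces added to the
# same zone later do not inherit SSH/HTTPS access to the firewall.
set security zones security-zone MGMT-LAN interfaces reth1.0 host-inbound-traffic system-services ssh
set security zones security-zone MGMT-LAN interfaces reth1.0 host-inbound-traffic system-services https
set security zones security-zone MGMT-LAN interfaces reth1.0 host-inbound-traffic system-services ping

# Weak setting to avoid: this exposes every service the device runs to the
# whole zone, not just SSH and HTTPS.
#   set security zones security-zone MGMT-LAN host-inbound-traffic system-services all
```

Because the reth address is owned by whichever node is currently primary, a session to 10.0.10.1 always lands on the primary node, which is why the secondary has to be reached from the primary as the answer describes.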