SRX Services Gateway
SRX Services Gateway

SRX 240 Cluster setup

[ Edited ]
06.15.11   |  
‎06-15-2011 12:49 AM

Just got my 2 SRX 240's, I upgraded them both to Junos 11.1 and now I'm having issues with setting them up in a cluster. When I try to disable switching on the firewalls I get an error at the following command:


delete interfaces interface-range interfaces-trust

When I reboot the firewall with this setup it complains about ge-0/0/1 not being available and then tells me the commit did not complete.


Interface control process: [edit interfaces]
Interface control process:   'ge-0/0/1'
Interface control process:      HA control port cannot be configured

Warning: Commit failed, activating partial configuration.
Warning: Edit the router configuration to fix these errors.


The annoying thing is both SRX's are in a completely factory setup, is this known behavior?

SRX Services Gateway

Re: SRX 240 Cluster setup

06.15.11   |  
‎06-15-2011 02:14 AM

When you put the device into cluster mode, several of the interfaces on branch-level SRXs turn into specific HA ports  You'll need to remove references to these interfaces in the configuration.  On the SRX240, ge-0/0/1 turns into the HA control link.

Juniper Elite Partner
SRX Services Gateway

Re: SRX 240 Cluster setup

06.17.11   |  
‎06-17-2011 02:00 AM

Sorry about the slow reply, I opened a ticket with support and they quickly resolved my issue. Turned out the default vlan was mentioned in system/services/web-management/http and that this caused the error.


Basically you have to remove all interfaces and anything referring to the default vlan. Then set up your cluster, reboot and recreate the interfaces.