Hi MFB,
Well, it's been 2 weeks; however, I had the chance to test the UTM behavior in an Active/Active scenario.
root@SRX-1# run show chassis cluster status
Sep 01 20:14:19
Monitor Failure codes:
CS Cold Sync monitoring FL Fabric Connection monitoring
GR GRES monitoring HW Hardware monitoring
IF Interface monitoring IP IP monitoring
LB Loopback monitoring MB Mbuf monitoring
NH Nexthop monitoring NP NPC monitoring
SP SPU monitoring SM Schedule monitoring
CF Config Sync monitoring RE Relinquish monitoring
Cluster ID: 10
Node Priority Status Preempt Manual Monitor-failures
Redundancy group: 0 , Failover count: 1
node0 200 primary no no None
node1 1 secondary no no None
Redundancy group: 1 , Failover count: 1
node0 100 primary no no None
node1 100 secondary no no None
Redundancy group: 2 , Failover count: 1
node0 200 primary no no None
node1 100 secondary no no None
{primary:node0}[edit]
root@SRX-1# run show security utm web-filtering status
Sep 01 20:14:34
node0:
--------------------------------------------------------------------------
UTM web-filtering status:
Server status: Juniper Enhanced using Websense server UP
node1:
--------------------------------------------------------------------------
UTM web-filtering status:
Server status: Juniper Enhanced using Websense server DOWN
root@SRX-1# run request chassis cluster failover redundancy-group 2 node 1
Sep 01 20:15:20
node1:
--------------------------------------------------------------------------
Initiated manual failover for redundancy group 2
{primary:node0}[edit]
root@SRX-1# run show chassis cluster status
Sep 01 20:15:23
Monitor Failure codes:
CS Cold Sync monitoring FL Fabric Connection monitoring
GR GRES monitoring HW Hardware monitoring
IF Interface monitoring IP IP monitoring
LB Loopback monitoring MB Mbuf monitoring
NH Nexthop monitoring NP NPC monitoring
SP SPU monitoring SM Schedule monitoring
CF Config Sync monitoring RE Relinquish monitoring
Cluster ID: 10
Node Priority Status Preempt Manual Monitor-failures
Redundancy group: 0 , Failover count: 1
node0 200 primary no no None
node1 1 secondary no no None
Redundancy group: 1 , Failover count: 1
node0 100 primary no no None
node1 100 secondary no no None
Redundancy group: 2 , Failover count: 2
node0 200 secondary no yes None
node1 255 primary no yes None
{primary:node0}[edit]
root@SRX-1# run show security utm web-filtering status
Sep 01 20:15:34
node0:
--------------------------------------------------------------------------
UTM web-filtering status:
Server status: Juniper Enhanced using Websense server DOWN
node1:
--------------------------------------------------------------------------
UTM web-filtering status:
Server status: Juniper Enhanced using Websense server DOWN
If you look at the above outputs,
- I have 3 RGs (RG0, RG1, and RG2); all of them were primary on Node 0 and UTM was working fine.
- As soon as I initiated the failover of RG2 to Node 1, which doesn't even contain any interfaces, the UTM status became DOWN.
So, we can conclude that UTM won't work in the SRX series devices deployed in the chassis cluster with an Active/Active configuration except SRX1500 running Junos version 15.1X49-D30 and above.
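
A monitoring check for the condition shown in the post, as an added example that is not part of the original post or any Juniper tooling: it parses the two command outputs and reports whether the data-plane redundancy groups are split across nodes and which primary nodes have web filtering down. The function names are hypothetical, and the sample text is abridged from the output above (state after the RG2 failover); RG0 is skipped because it only governs the Routing Engine.

```python
import re

# Constructed sample: abridged from the post's CLI output after the RG2 failover.
CLUSTER_STATUS = """\
Redundancy group: 0 , Failover count: 1
node0 200 primary no no None
node1 1 secondary no no None
Redundancy group: 1 , Failover count: 1
node0 100 primary no no None
node1 100 secondary no no None
Redundancy group: 2 , Failover count: 2
node0 200 secondary no yes None
node1 255 primary no yes None
"""
UTM_STATUS = """\
node0:
Server status: Juniper Enhanced using Websense server DOWN
node1:
Server status: Juniper Enhanced using Websense server DOWN
"""

def rg_primaries(text):
    """Map redundancy-group number -> node currently primary for it."""
    primaries, rg = {}, None
    for line in text.splitlines():
        head = re.match(r"\s*Redundancy group:\s*(\d+)", line)
        row = re.match(r"\s*(node\d+)\s+\d+\s+primary\b", line)
        if head:
            rg = int(head.group(1))
        elif row and rg is not None:
            primaries[rg] = row.group(1)
    return primaries

def webfilter_state(text):
    """Map node -> 'UP'/'DOWN' from each node's 'Server status:' line."""
    state, node = {}, None
    for line in text.splitlines():
        head = re.match(r"\s*(node\d+):\s*$", line)
        stat = re.search(r"Server status:.*\b(UP|DOWN)\s*$", line)
        if head:
            node = head.group(1)
        elif stat and node:
            state[node] = stat.group(1)
    return state

def check(cluster_text, utm_text):
    """Return (active_active, data-plane primary nodes whose web filtering is not UP)."""
    owners = {n for rg, n in rg_primaries(cluster_text).items() if rg >= 1}
    state = webfilter_state(utm_text)
    return len(owners) > 1, sorted(n for n in owners if state.get(n) != "UP")
```

A non-empty second element means traffic is being forwarded by a node without working web filtering, which is worth alerting on regardless of whether the cluster is split.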