SRX

  • 1.  UTM in a chassis cluster

    Posted 07-24-2012 13:17

    Hi,

     

    I need to ensure that the chassis cluster (HA) normally (i.e. when not degraded/failed) works as active/passive (versus A/A). How can I do that?

    Maybe if I could make RG0 follow the other RGs in an HA cluster? I cannot preempt RG0...

    The root cause is that on SRX branch devices, UTM is supported only for an active/backup chassis cluster configuration with both RG0 and RG1 active on the same node. It is not supported for an active/active chassis cluster configuration. I think that holds true for versions up to 11.2. I guess that on 11.4 UTM is supported in active/active, but still without Sophos AV (and I need Sophos AV, so I have to stick to an active/passive HA config). The problem is that I see no way I can configure that: even with node0 having a higher priority, it seems to be a game of chance whether it gets RG0, with no preemption available for that RG... (if node1 boots first, it will get RG0)

     

    Regards,

    Pawel Mazurkiewicz



  • 2.  RE: UTM in a chassis cluster
    Best Answer

    Posted 07-26-2012 17:15

    Easiest way is to not enable preemption on RG1+, and set interface tracking on all RGs to track the same interfaces. Since you can't set preempt on RG0, if you want to keep RG1+ on the same chassis then avoid using it on any RG. Tracking interface failures on RG0 isn't officially recommended but it works, and will keep all RGs on the same chassis when under normal operation.



  • 3.  RE: UTM in a chassis cluster

    Posted 08-01-2012 09:08

    Thank you. 

    BTW: my testing shows that Sophos AV simply stops scanning when in active/active, but the traffic flows OK - so it seems to be a minor issue.

    Regards,

    Pawel
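
Added example, not part of the thread: a Python check that reads chassis cluster status text and reports whether every redundancy group is primary on the same node, which is the active/passive layout the posts above say UTM with Sophos AV needs. The status text is constructed here in the layout of `show chassis cluster status`, and the function names are assumptions.

```python
import re

RG_RE = re.compile(r"^Redundancy group:\s*(\d+)")
NODE_RE = re.compile(r"^\s*(node\d+)\s+\d+\s+(\S+)")  # node, priority, status

def sample(rg0_primary, rg1_primary):
    """Constructed text modelled on `show chassis cluster status` (not from the thread)."""
    rows = ["Cluster ID: 1", "Node   Priority  Status     Preempt  Manual failover", ""]
    for rg, owner in ((0, rg0_primary), (1, rg1_primary)):
        rows.append(f"Redundancy group: {rg} , Failover count: 1")
        for node, prio in (("node0", 200), ("node1", 100)):
            state = "primary" if node == owner else "secondary"
            rows.append(f"    {node}  {prio}  {state}  no  no")
        rows.append("")
    return "\n".join(rows)

def parse_primaries(status_text):
    """Map each redundancy group id to the nodes reporting 'primary' for it."""
    primaries, rg = {}, None
    for line in status_text.splitlines():
        m = RG_RE.match(line)
        if m:
            rg = int(m.group(1))
            primaries[rg] = []
            continue
        m = NODE_RE.match(line)
        if m and rg is not None and m.group(2) == "primary":
            primaries[rg].append(m.group(1))
    return primaries

def check_active_passive(status_text):
    """Return (ok, problems); ok means one primary per RG, all on the same node."""
    primaries = parse_primaries(status_text)
    problems = []
    if 0 not in primaries:
        problems.append("RG0 not found in output")
    for rg, nodes in sorted(primaries.items()):
        if len(nodes) != 1:
            problems.append(f"RG{rg}: expected one primary, found {len(nodes)}")
    single = {rg: n[0] for rg, n in sorted(primaries.items()) if len(n) == 1}
    if len(set(single.values())) > 1:
        layout = ", ".join(f"RG{rg}={node}" for rg, node in single.items())
        problems.append(f"RGs split across nodes ({layout}): active/active layout")
    return (not problems, problems)

if __name__ == "__main__":
    for text in (sample("node0", "node0"), sample("node1", "node0")):
        print(check_active_passive(text))
```

Run on a schedule against saved status output, this turns the case where traffic still flows but AV has stopped scanning into an alert instead of a silent gap.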