SRX Services Gateway
Highlighted
SRX Services Gateway

can't HTTPs to fxp0 on node1

‎04-09-2014 05:55 AM

 

Hi All,

 

I have srx3400 A/P cluster. I can manage node0 via telnet ssh https http and same for node1 excep I can't mange it through https and http.

 

I monitored the traffic on interface fxp0 of node1 and that's what I get:

 

15:16:32.357987  In IP 10.50.32.99.53239 > 172.21.211.246.https: S 2837602387:2837602387(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
15:16:32.358052 Out IP 172.21.211.246.https > 10.50.32.99.53239: R 0:0(0) ack 2837602388 win 0

 

the configuration is fine I think :

 

set version 11.4R9.4
set groups node1 system host-name BAS-SRX3400-2
set groups node1 system backup-router 172.21.211.1
set groups node1 system backup-router destination 10.50.32.0/24
set groups node1 interfaces fxp0 enable
set groups node1 interfaces fxp0 unit 0 family inet address 172.21.211.246/24
set groups node0 system host-name BAS-SRX3400-1
set groups node0 system backup-router 172.21.211.1
set groups node0 system backup-router destination 10.50.32.0/24
set groups node0 interfaces fxp0 enable
set groups node0 interfaces fxp0 unit 0 enable
set groups node0 interfaces fxp0 unit 0 family inet address 172.21.211.247/24
set apply-groups "${node}"

 

set system services ssh connection-limit 5
set system services ssh rate-limit 4
set system services telnet connection-limit 10
set system services telnet rate-limit 4
set system services web-management http interface fxp0.0
set system services web-management http interface reth1.0
set system services web-management https system-generated-certificate
set system services web-management https interface fxp0.0
set system services web-management https interface reth1.0
set system services web-management session idle-timeout 60
set system services web-management session session-limit 2

 

I can ping ssh and telnet to node1  but https and http I can't

for node0 everything is ok.

 

please help.

 

thank you,

 

Best Regards,

Haitham Jneid

2 REPLIES 2
Highlighted
SRX Services Gateway
Solution
Accepted by topic author Haitham Jneid
‎08-26-2015 01:27 AM

Re: can't HTTPs to fxp0 on node1

‎04-09-2014 06:38 AM
Sadly, http/https does not work on device acting as secondary.

http://kb.juniper.net/InfoCenter/index?page=content&id=KB16827

You should be able to manage node1 after failing over redundancy-group 0 to node1.

Regards.
Sam
Highlighted
SRX Services Gateway

Re: can't HTTPs to fxp0 on node1

‎04-09-2014 06:45 PM

Hi

 

It is by design that you can't access J-Web of secondary node.

Because http and other dependant daemons runs only on the primary node.

It is not only with http but also all management and routing daemons runs on node where RG0 is primary.

Hope this clarifies.

 

Regards,

Raveen

Note: If this answers your question, you could mark this post as accepted solution, that way it helps others as well. Kudos will be cool if I earned it!
Feedback