Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  Deep inspection and nsrp cluster

    Posted 05-28-2013 09:37

    Hi,

    on juniper support website we can read:

     
    NOTE: Deep inspection is only available on standalone devices. It cannot be used to disable attacks when the device is in a cluste

    Does it mean what it means? Even if we have a deep inspection license, as our firewall is in active/passive nsrp cluster, we can't use deep inscpection feature? really?
     
    Thanx 🙂


  • 2.  RE: Deep inspection and nsrp cluster

    Posted 05-28-2013 21:25

    Hi,

     

    Can you share the link to the page that has this statement, I can check on it.

     

    Thanks.
    Hardeep



  • 3.  RE: Deep inspection and nsrp cluster

    Posted 05-29-2013 03:03

    Hi,

    here is the documentation where I found this:

    https://www.juniper.net/techpubs/en_US/nsm2012.2/topics/concept/security-service-classification-deep-inspection-overview.html



  • 4.  RE: Deep inspection and nsrp cluster
    Best Answer

    Posted 05-30-2013 02:31

    Answer from jtac:

     

    Action Plan:-

    -I saw the message and the site url where you saw the message.

    -The message on the url means that the you need licenses for deep Inspection on all the device in the cluster.

    -You cannot use license on the master on the back-up device for the Deep inspection functionality.

    -Deep Inspection can be implemented on all the devices in the cluster.

    -Following is the link for the verification:

     

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB4918&cat=NS_500&actp=LIST

     

    So DI in active/passive cluster works, note in the original kb is weird...