Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  Management access to Master&Backup juniper

    Posted 03-27-2011 12:49

    Hi Expert,

    I have two 520M juniper firewalls in HA(Master and backup)

    Now I am about to configure monitoring tool to monitor both firewalls and wanna access to both firewalls for management purpose.

     

    I have assigned IPs as follows:

    Master juniper:

    set interface ethernet0/0.4 ip 10.1.174.1/25
    set interface ethernet0/0.4 route

    set interface ethernet0/0.4 manage-ip 10.1.174.2


    Backup Juniper:

    set interface ethernet0/0.4 ip 10.1.174.1/25
    set interface ethernet0/0.4 route

    set interface ethernet0/0.4 manage-ip 10.1.174.3

      

    The problem is I can only access to master juniper using "Manage IP-10.1.174.2".  At the same time I can't access backup juniper using "Manage IP-10.1.174.3".

      

     But If I manually change the backup juniper to act as a master, Then I can access the firewall using "Manage IP-10.1.174.3" but can't  access "Manage IP-10.1.174.2( now it's in backup juniper)".

     

    Hence, I can only access to master juniper using "Manage IP". please help me to advice on what should I do to access both firewall at the same time.

     

    Thanks in Advance!

     

    Regards,

    Sona

      

     

     



  • 2.  RE: Management access to Master&Backup juniper

    Posted 03-27-2011 16:45

    Here are the troubleshooting guides for management of nsrp clusters.  Follow down the list to the specific circumstances of your issue.  then there is a link to a kb article for each possible problem that walks you through the configuration adjustements needed.
     
    Flow chart version:
    http://kb.juniper.net/kb/documents/public/resolution_path/J_visio_kb11363.htm
     
    Question/Answer version:
    http://kb.juniper.net/InfoCenter/index?page=content&id=KB11363

    Reference:
     
    Here is the master troubleshooting guide for nsrp
    http://kb.juniper.net/kb/documents/public/resolution_path/J_visio_NSRP_resolution_guide.ht



  • 3.  RE: Management access to Master&Backup juniper

    Posted 03-27-2011 23:27

    Hi Spuluka,

    Thanks for your reply.

    really sorry....I forgot to tell you that...I can access both firewall from inside networks(without client VPN). But if I try to access the same from my Netscreen client VPN remotly, I can't access the backup firewall.

     

    Checked Policy log in primary firewall and found  no return packet from Backup Manage IP.

     

    Please help to advice...Thanks!

     

    Sona

     



  • 4.  RE: Management access to Master&Backup juniper

    Posted 03-28-2011 02:43

    Please check KB11374



  • 5.  RE: Management access to Master&Backup juniper
    Best Answer

    Posted 03-30-2011 03:50

    Vow!!...It's works now after issued this cmd "set flow mac-cache mgt"

     

    Thanks U!..

    Sona