Mgmt port best practices

‎02-27-2019 03:06 PM

I'm trying to setup a vSRX that has 4 interfaces. FXP0, GE-0/0/0, 1, & 2. What are the best practices for configuring management traffic like syslog, authentication, DNS lookups? Should I be sending this traffic via the fxp0 port or should I configure a loopback address? Or should I just enable SSH to one of my ge-0/0 interfaces and just start using that as my main management access and treat the FXP0 as an OOB backup lifeline interface?

Accepted by topic author joshuamichaelsanders
‎02-28-2019 09:53 AM

Re: Mgmt port best practices

‎02-27-2019 10:35 PM



I recommend you to use FXP0 interface only for management. Kindly use any of the GE-0/0/0, 1, & 2 to configure syslog, authentication and DNS lookups.


You can configure the Syslog logging in the stream mode following the below documents. This will help you to offload the Routing engine and will forward all the syslog related traffic from Packet forwarding engine.


+ Syslog configuration:
# https://kb.juniper.net/InfoCenter/index?page=content&id=kb16502


+ Setting the System to Stream Security Logs Through Revenue Ports:
# https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/security-system-stream-s...


+ Forward traffic logs from an SRX device using the stream mode
# https://kb.juniper.net/InfoCenter/index?page=content&id=KB16224&actp=METADATA


Please let me know if you have any queries.


[KUDOS PLEASE! If you think I earned it!
If this solution worked for you please flag my post as an "Accepted Solution" so others can benefit..]