Shulou(Shulou.com)06/01 Report--

Juniper vSRX Firewall HA Configuration

Experimental network topology

experimental goal

Complete the configuration of SRX firewall failover test device connectivity

Experimental configuration steps:

Connect the ge-0/0/1 and ge-0/0/2 ports of two vSRX firewalls using a network cable or Esxi or VM network. The ge-0/0/1 interface is used as a Control Link, and the ge-0/0/2 interface is used as a Fabric Link. Restore the firewall to a state where only the root password is set. The root passwords for both devices remain the same Use the set chassis cluster cluster-id 2 node 0 reboot command to configure the first firewall as the first device of cluster 2 and reboot the deviceUse the set chassis cluster cluster-id 2 node 1 reboot command to configure the second firewall as the second device of cluster 2 and reboot the deviceOnce the device reboot is complete, The following configuration is required on the node0 device to resolve address conflicts on the management interface

set groups node0 system host-name Mylab-FW1

set groups node0 interfaces fxp0 unit 0 family inet address 100.100.100.1/24

set groups node1 system host-name Mylab-FW2

set groups node1 interfaces fxp0 unit 0 family inet address 100.100.100.2/24

set apply-groups ${node}

commit and quit

#At this time, the firewall names are changed to Mylab-FW1 and Mylab-FW2 respectively

Next we configure Redundancy Group

#Use cluster reth-count to explicitly state how many RG groups need to be configured

set chassis cluster reth-count 2

set chassis cluster redundancy-group 0 node 0 priority 100

set chassis cluster redundancy-group 0 node 1 priority 99

set chassis cluster redundancy-group 1 node 0 priority 100

set chassis cluster redundancy-group 1 node 1 priority 99

#Configure Fabric Link

set interfaces fab0 fabric-options member-interfaces ge-0/0/2

set interfaces fab1 fabric-options member-interfaces ge-7/0/2

#Note vSRX After Cluster is completed, the standby host interface is the primary device interface +7

Configure Redundant Interface

#Configure redundant interfaces

set interfaces ge-0/0/3 gigether-options redundant-parent reth0

set interfaces ge-0/0/4 gigether-options redundant-parent reth2

set interfaces ge-7/0/3 gigether-options redundant-parent reth0

set interfaces ge-7/0/4 gigether-options redundant-parent reth2

set interfaces reth0 redundant-ether-options redundancy-group 1

set interfaces reth0 unit 0 family inet address 10.1.1.10/24

set interfaces reth2 redundant-ether-options redundancy-group 1

set interfaces reth2 unit 0 family inet address 202.100.1.10/24

Check HA status

If you need to restore to remote independent use

#First shut down the cluster and then restart

set chassis cluster disable reboot

#Restore to factory settings using load factory-default

load factory-default

set system root-authentication plain-text-password

commit

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.