Home > Others

Juniper VSRX Firewall ha configuration

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Juniper VSRX Firewall ha configuration

Topological structure of experimental network

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/54/2B/wKiom1R6wn6S3GsPAACvyJKrKGQ317.jpg "/>

Experimental objectives

    • Complete the failover configuration of the SRX firewall
    • Connectivity of test equipment

Experiment Configuration steps:

  2. The GE-0/0/1 and GE-0/0/2 ports of the two VSRX firewalls are interconnected using a network cable or using ESXI or VM networks, and the GE-0/0/1 interface acts as a control LINK,GE-0/0/2 interface as a fabric Link.
  4. Restore the firewall to a state that only has the root password set, and the root password of the two devices remains the same
  6. use set chassis cluster Cluster-id 2 Node 0 reboot command To configure the first firewall as The first device in cluster 2 and restart the device
  8. use set chassis cluster Cluster-id 2 Node 1 reboot command To configure the second firewall as The second device in cluster 2 and restart the device
  9. After the device restart is complete, the following configuration is required on the NODE0 device to resolve address conflicts for the management interface

    Set groups NODE0 system Host-name MYLAB-FW1

    Set groups NODE0 interfaces fxp0 Unit 0 family inet address 100.100.100.1/24

    Set groups Node1 system Host-name MYLAB-FW2

    Set groups Node1 interfaces fxp0 Unit 0 family inet address 100.100.100.2/24

    Set Apply-groups ${node}

    Commit and quit

    #这个时候防火墙的名称分别变为Mylab-FW1 and MYLAB-FW2

  10. below we make the configuration of redundancy group

    #使用cluster Reth-count explicitly declares the need to configure several RG groups

    Set Chassis cluster Reth-count 2

    Set chassis cluster Redundancy-group 0 node 0 Priority 100

    Set chassis cluster Redundancy-group 0 Node 1 priority 99

    Set chassis cluster Redundancy-group 1 Node 0 priority 100

    Set chassis cluster Redundancy-group 1 Node 1 priority 99

    #配置Fabric Link

    Set Interfaces fab0 fabric-options member-interfaces GE-0/0/2

    Set interfaces Fab1 fabric-options member-interfaces GE-7/0/2

    #注意vSRX在完成Cluster之后, the interface of the alternate host is the main device interface +7

  11. Configuring redundant Interface

    #配置冗余接口

    Set Interfaces GE-0/0/3 gigether-options redundant-parent Reth0

    Set Interfaces GE-0/0/4 gigether-options redundant-parent reth1

    Set Interfaces GE-7/0/3 gigether-options redundant-parent Reth0

    Set Interfaces GE-7/0/4 gigether-options redundant-parent reth1

    Set Interfaces Reth0 redundant-ether-options Redundancy-group 1

    Set interfaces Reth0 Unit 0 family inet address 10.1.1.10/24

    Set Interfaces Reth1 redundant-ether-options Redundancy-group 1

    Set interfaces reth1 Unit 0 family inet address 202.100.1.10/24

  13. Check the status of HA

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/54/2B/wKiom1R6wn6AsFAnAAFFSJAHoLQ016.jpg "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/54/29/wKioL1R6wwWRBuArAAE96GLeKEc646.jpg "/>

    1. If you need to restore to a remote, standalone use state

      #首先关闭集群后重启

      Set chassis cluster Disable reboot

      #使用load Factory-default restore to factory settings

      Load Factory-default

      Set System Root-authentication Plain-text-password

      Commit

Juniper VSRX Firewall ha configuration

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
juniper netscreen firewall juniper ssg firewall juniper firewall filter juniper vlan configuration juniper router configuration tutorial juniper srx show configuration juniper bgp configuration

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More