SRX

 View Only

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



  • 1.  command impact or meaning of commands in SRX240

    Posted 05-20-2014 22:49
    1. set groups node0 system host-name blaze1-1.firewall
    2. set groups node0 system backup-router x.x.x.x
    3. set groups node0 system backup-router destination x.x.x.x/x
    4. set groups node0 interfaces fxp0 unit 0 family inet address x.x.x.x/x
    5. set groups node1 system host-name new-blaze1-2.hyd
    6. set groups node1 system backup-router x.x.x.x
    7. set groups node1 system backup-router destination x.x.x.x/x
    8. set groups node1 interfaces fxp0 unit 0 family inet address x.x.x.x/x

    can any one get these lines meaning for srx240 firewall and what impact that it gives.

     

    Thanks,

    Mahesh.


    #SRX240commands


  • 2.  RE: command impact or meaning of commands in SRX240

     
    Posted 05-20-2014 22:55

    Hello Mahesh

     

    These commands are used to configure node specific information like: host-name, management interface configuration, etc..

    On configuring these commands you can access both nodes of a cluster independently using their fxp0 IPs.

    Routing daemon would run only in primary node, hence you would need backup-router configuration to reach management network.

     

    Regards,

    Raveen



  • 3.  RE: command impact or meaning of commands in SRX240

    Posted 05-20-2014 22:58

    Hi Mahesh,

     

      These config is to get the management access via fxp0 of a node which is secondary for RG0 group; the back up router config is needed as routing sub-system will not be running in secondary node.

     

    You can refer the below KB for more details

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB13288

     

    Thanks,

    SHKM

     

     



  • 4.  RE: command impact or meaning of commands in SRX240

    Posted 05-20-2014 23:11

    Hi,

     

    Thanks for your reply and i am still unable to get the backup-router concept and can you just explain that.

     

    As we have given same ip and destination for the backup-router in node 0 and node 1, why is it so ?

     

    1. set groups node0 system backup-router 192.168.253.254
    2. set groups node0 system backup-router destination 192.168.32.0/24
    3. set groups node0 system backup-router 192.168.253.254
    4. set groups node0 system backup-router destination 192.168.32.0/24

    thanks,

    Mahesh.



  • 5.  RE: command impact or meaning of commands in SRX240
    Best Answer



  • 6.  RE: command impact or meaning of commands in SRX240

     
    Posted 05-20-2014 23:28

    Hi Mahesh

     

    backup-router 192.168.253.254 is the gateway to reach private management network.

    And destination denotes the subnet of management network.

    Backup-router IP would be in the same subnet as that of your fxp0 IP.

     

    If fxp0 IPs of two nodes are of different subnet and connected to different switch/L3 device, then you can have different backup-router ip.

     

    In myexperience, typical deployment would be to have single management network and fxp0s of both nodes connected to same switch(in this scenario your backup-router and destination would be the same).

     

    Regards,

    Raveen

     

     



  • 7.  RE: command impact or meaning of commands in SRX240

    Posted 05-20-2014 23:20

    Thank you all,

     

    My doubts clarified.