All I want to do is enable simple HA cluster between two SRX 300. Their ge-0/0, 0/1, 0/2 are direct connected with ethernet.
After enabling cluster id 1 it shows below:
root@r0> show chassis cluster status
Cluster ID: 1
Node Priority Status Preempt Manual Monitor-failures
Redundancy group: 0 , Failover count: 1
node0 1 primary no no None
node1 0 disabled no no CF
Here's my config:
{primary:node0}
root@r0> show configuration
## Last commit: 2018-08-01 16:45:43 UTC by root
version 15.1X49-D45;
system {
host-name r0;
root-authentication {
encrypted-password "$5$ByFRmSfA$8wCJ7PxMaB8Pt0kmA71B0fUcgFVdUKSd9Jjda0b.nw5"; ## SECRET-DATA
}
name-server {
208.67.222.222;
208.67.220.220;
}
services {
ssh;
telnet;
xnm-clear-text;
web-management {
http {
interface [ ge-0/0/1.0 ge-0/0/2.0 ge-0/0/3.0 ge-0/0/4.0 ge-0/0/5.0 ];
}
https {
system-generated-certificate;
interface [ ge-0/0/1.0 ge-0/0/2.0 ge-0/0/3.0 ge-0/0/4.0 ge-0/0/5.0 ];
}
}
}
syslog {
archive size 100k files 3;
user * {
any emergency;
}
file messages {
any critical;
authorization info;
}
file interactive-commands {
interactive-commands error;
}
}
max-configurations-on-flash 5;
max-configuration-rollbacks 5;
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
}
security {
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
nat {
source {
rule-set trust-to-untrust {
from zone trust;
to zone untrust;
rule source-nat-rule {
match {
source-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
}
}
}
policies {
from-zone trust to-zone trust {
policy trust-to-trust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone trust to-zone untrust {
policy trust-to-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
zones {
security-zone trust {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
ge-0/0/1.0;
ge-0/0/2.0;
ge-0/0/3.0;
ge-0/0/4.0;
ge-0/0/5.0;
}
}
security-zone untrust {
interfaces {
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
dhcp;
tftp;
all;
}
protocols {
all;
}
}
}
}
}
}
}
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
address 192.168.0.1/24;
}
}
}
ge-0/0/1 {
unit 0 {
family inet {
address 192.168.1.1/24;
}
}
}
ge-0/0/2 {
unit 0 {
family inet {
address 192.168.2.1/24;
}
}
}
ge-0/0/3 {
unit 0 {
family inet {
address 192.168.3.1/24;
}
}
}
ge-0/0/4 {
unit 0 {
family inet {
address 192.168.4.1/24;
}
}
}
ge-0/0/5 {
unit 0 {
family inet {
address 192.168.5.1/24;
}
}
}
ge-0/0/6 {
unit 0;
}
ge-0/0/7 {
unit 0;
}
}
{disabled:node1}
root@r1> show configuration
## Last commit: 2018-08-01 16:34:59 UTC by root
version 15.1X49-D45;
system {
host-name r1;
root-authentication {
encrypted-password "$5$l3fymI5B$OIZFWy7mskXFZTmcs4CLFMWK1zEd8GoYTBo.EAQsin."; ## SECRET-DATA
}
name-server {
208.67.222.222;
208.67.220.220;
}
services {
ssh;
telnet;
xnm-clear-text;
web-management {
http {
interface [ ge-0/0/1.0 ge-0/0/2.0 ge-0/0/3.0 ge-0/0/4.0 ge-0/0/5.0 ];
}
https {
system-generated-certificate;
interface [ ge-0/0/1.0 ge-0/0/2.0 ge-0/0/3.0 ge-0/0/4.0 ge-0/0/5.0 ];
}
}
}
syslog {
archive size 100k files 3;
user * {
any emergency;
}
file messages {
any critical;
authorization info;
}
file interactive-commands {
interactive-commands error;
}
}
max-configurations-on-flash 5;
max-configuration-rollbacks 5;
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
}
security {
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
nat {
source {
rule-set trust-to-untrust {
from zone trust;
to zone untrust;
rule source-nat-rule {
match {
source-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
}
}
}
policies {
from-zone trust to-zone trust {
policy trust-to-trust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone trust to-zone untrust {
policy trust-to-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
zones {
security-zone trust {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
ge-0/0/1.0;
ge-0/0/2.0;
ge-0/0/3.0;
ge-0/0/4.0;
ge-0/0/5.0;
}
}
security-zone untrust {
interfaces {
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
dhcp;
tftp;
all;
}
protocols {
all;
}
}
}
}
}
}
}
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
address 192.168.0.2/24;
}
}
}
ge-0/0/1 {
unit 0 {
family inet {
address 192.168.1.2/24;
}
}
}
ge-0/0/2 {
unit 0 {
family inet {
address 192.168.2.2/24;
}
}
}
ge-0/0/3 {
unit 0 {
family inet {
address 192.168.3.1/24;
}
}
}
ge-0/0/4 {
unit 0 {
family inet {
address 192.168.4.1/24;
}
}
}
ge-0/0/5 {
unit 0 {
family inet {
address 192.168.5.1/24;
}
}
}
ge-0/0/6 {
unit 0;
}
ge-0/0/7 {
unit 0;
}
}