SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX 320 Cluster secondary is disabled

    Posted 08-06-2019 07:14

    We have 2 SRX320s, physically connected (3 ports for OOB, fabric and control).
    SRX-A and SRX-B both loaded the factory default.
    The goal is to form a cluster, but the secondary (node1) is disabled; based on failure code CF, "request chassis cluster configuration-synchronize" does nothing.
    Please consider that both firewall configs are "fresh out of the box".

    [Attached images: srx.PNG, srx 1.PNG]



  • 2.  RE: SRX 320 Cluster secondary is disabled

    Posted 08-06-2019 10:52

    Hi Bouya,

     

    Could you please share the output for the below command?

     

    user@host> show chassis cluster information configuration-synchronization

     

    Alternatively, is it possible to delete all the configuration from both nodes except the root authentication password and try to form the cluster once again? Let me know how it goes.

     



  • 3.  RE: SRX 320 Cluster secondary is disabled

    Posted 08-07-2019 18:22

    [Attached image: day1.PNG]



  • 4.  RE: SRX 320 Cluster secondary is disabled
    Best Answer

    Posted 08-06-2019 14:06

    Hi Bouya,

     

    The factory default configuration usually pre-configures some of the ports that will be used later in the chassis cluster (fxp0/control-link), and if one of these ports has configuration before you form the chassis cluster, you will have issues forming the cluster.

     

    The fact that one node is in the disabled state means that the control-link is not fully coming up, and this will also explain the CF alarm, because the configuration is synchronized via the control-link.

     

    I would advise taking the nodes back to standalone mode and using a "delete" at the configuration level to delete all existing config. Right after that, set a root password and then commit the changes. After this, go ahead and form the cluster again:

     

     # delete
     # set system root-authentication plain-text-password
     # commit
     # run set chassis cluster cluster-id [#] node [#] reboot

     

    Hope this helps you.

     



  • 5.  RE: SRX 320 Cluster secondary is disabled

    Posted 08-06-2019 14:09

    Another suggested test:

     

    When the SRXs are in standalone mode, if you want to confirm that the cabling/ports are good, you could configure IP addresses on the ports that will be used for the control-link and ping between them. This will confirm that there are no problems at the physical layer.

     



  • 6.  RE: SRX 320 Cluster secondary is disabled

    Posted 08-07-2019 19:01

    Thank you. This works.