vSRX

  • 1.  Mgmt port best practices

    Posted 02-27-2019 15:07

    I'm trying to set up a vSRX that has 4 interfaces: FXP0, GE-0/0/0, 1, & 2. What are the best practices for configuring management traffic like syslog, authentication, and DNS lookups? Should I be sending this traffic via the fxp0 port, or should I configure a loopback address? Or should I just enable SSH on one of my ge-0/0 interfaces, start using that as my main management access, and treat FXP0 as an OOB backup lifeline interface?



  • 2.  RE: Mgmt port best practices
    Best Answer

     
    Posted 02-27-2019 22:35

    Hi,

    I recommend that you use the FXP0 interface only for management. Kindly use any of GE-0/0/0, 1, & 2 to configure syslog, authentication and DNS lookups.

    You can configure syslog logging in stream mode by following the documents below. This will help you offload the Routing Engine and will forward all the syslog-related traffic from the Packet Forwarding Engine.

     

    + Syslog configuration:
    # https://kb.juniper.net/InfoCenter/index?page=content&id=kb16502

     

    + Setting the System to Stream Security Logs Through Revenue Ports:
    # https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/security-system-stream-security-log-revenue-port-setting.html

     

    + Forward traffic logs from an SRX device using the stream mode
    # https://kb.juniper.net/InfoCenter/index?page=content&id=KB16224&actp=METADATA

     

    Please let me know if you have any queries.

     

    -Regards,
    Rishi
    [KUDOS PLEASE! If you think I earned it!
    If this solution worked for you please flag my post as an "Accepted Solution" so others can benefit..]
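
The stream-mode setup the answer points to, as an added example that is not part of the original posts or of Juniper's documentation. It covers security (data-plane) logs only; the addresses, the stream name `SIEM-STREAM`, the zone names and the policy name are constructed placeholders, and `ge-0/0/1` is picked from the interfaces named in the question.

```junos
# Added example. Addresses (192.0.2.0/24 documentation range), stream name,
# zone names and policy name are constructed, not taken from the thread.

# Revenue interface that will source the log traffic.
set interfaces ge-0/0/1 unit 0 family inet address 192.0.2.1/24

# Stream mode: the Packet Forwarding Engine formats and sends security logs
# itself instead of handing them to the Routing Engine.
set security log mode stream
set security log format sd-syslog

# Source address must belong to a revenue interface; in stream mode the
# logs leave through the data plane, not through fxp0.
set security log source-address 192.0.2.1

# Collector reachable through the revenue-port routing table (default UDP 514).
set security log stream SIEM-STREAM host 192.0.2.50

# Logs are only generated for policies that ask for them. Added to an
# existing policy (hypothetical name "allow-out"):
set security policies from-zone trust to-zone untrust policy allow-out then log session-close
```

After committing, confirm on the collector that messages arrive from 192.0.2.1 rather than from the fxp0 address; that shows the log traffic is leaving through the revenue port and fxp0 is carrying management access only.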