Junos OS

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



Expand all | Collapse all

Best way to cable VC to HA firewalls for redundancy?

  • 1.  Best way to cable VC to HA firewalls for redundancy?

    Posted 05-27-2021 09:23
    I have a lab environment (learning Junos) and I'm looking for the best way to cable my virtual chassis switches to a pair of HA firewalls?

    I have two EX2200-C in a VCF and two Fortigate 61E Firewalls in a HA. How can I cable these bad boys up so if one device dies is doesn't bring the whole network down?

    Here is a rather poor drawing of what is I was thinking would work (I am no Picasso).


  • 2.  RE: Best way to cable VC to HA firewalls for redundancy?

    Posted 05-28-2021 10:10
    Hi fins, welcome to the wonderful Juniper world :)

    That cabling should work depending on how things are configured from a firewall zones perspective, how it handles the passive FW, etc.


    ------------------------------
    ALLYN CROWE
    ------------------------------



  • 3.  RE: Best way to cable VC to HA firewalls for redundancy?

     
    Posted 05-29-2021 05:39
    The cabling will depend on how the firewall side interfaces are used and what the firewall failover process is.  

    Your example is appropriate if this is a active/passive firewall pair
    And the two interfaces on each firewall are a single interface bundle with tags for the multiple zones

    But if the two interfaces are each untagged and single zone the setup will take down one side of your firewall if a single switch fails.

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------