vSRX

 View Only
last person joined: 8 days ago 

Ask questions and share experiences with vSRX Virtual Firewall deployments and how to scale firewall protection.
  • 1.  SRX-300 VRRP scenario

    Posted 11-12-2021 05:37
    Hi,

    I have configured the SRX300 to use VRRP in the LAN interfaces, but I am facing an issue where the routers are in the Active/Active. The LAN's interface is connected to Core Switch and I have connectivity between the routers (ping is OK).

    The interface's ge-0/0/0 configuration is following:

    Router-01
    show configuration interfaces ge-0/0/0   
    unit 0 {
        description "CNX LAN";
        family inet {
            address 172.16.3.201/25 {
                vrrp-group 1 {
                    virtual-address 172.16.3.200;
                    priority 200;
                    preempt;
                    accept-data;
                }
            }
        }
    }

    Router-02
    show configuration interfaces ge-0/0/0   
    unit 0 {
        description "CNX LAN";
        family inet {
            address 172.16.3.202/25 {
                vrrp-group 1 {
                    virtual-address 172.16.3.200;
                    preempt;
                    accept-data;
                }
            }
        }
    }

    These routers are configured in the packet-based mode and there are no security zones available.

    My questions are:

    Does the SRX300 support VRRP on the physical interfaces? 
    There is a specific configuration to apply in the SRX300 to enable VRRP on the physical interfaces?

    Thanks,
    TM


    ------------------------------
    Thiago Morais
    ------------------------------


  • 2.  RE: SRX-300 VRRP scenario

    This message was posted by a user wishing to remain anonymous
    Posted 11-13-2021 05:57
    This message was posted by a user wishing to remain anonymous

    Hi,
    We using VRRP a lot without any problems, but in flow mode.