SRX

Expand all | Collapse all

can't HTTPs to fxp0 on node1

Jump to Best Answer
  • 1.  can't HTTPs to fxp0 on node1

    Posted 04-09-2014 05:55

     

    Hi All,

     

    I have srx3400 A/P cluster. I can manage node0 via telnet ssh https http and same for node1 excep I can't mange it through https and http.

     

    I monitored the traffic on interface fxp0 of node1 and that's what I get:

     

    15:16:32.357987  In IP 10.50.32.99.53239 > 172.21.211.246.https: S 2837602387:2837602387(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
    15:16:32.358052 Out IP 172.21.211.246.https > 10.50.32.99.53239: R 0:0(0) ack 2837602388 win 0

     

    the configuration is fine I think :

     

    set version 11.4R9.4
    set groups node1 system host-name BAS-SRX3400-2
    set groups node1 system backup-router 172.21.211.1
    set groups node1 system backup-router destination 10.50.32.0/24
    set groups node1 interfaces fxp0 enable
    set groups node1 interfaces fxp0 unit 0 family inet address 172.21.211.246/24
    set groups node0 system host-name BAS-SRX3400-1
    set groups node0 system backup-router 172.21.211.1
    set groups node0 system backup-router destination 10.50.32.0/24
    set groups node0 interfaces fxp0 enable
    set groups node0 interfaces fxp0 unit 0 enable
    set groups node0 interfaces fxp0 unit 0 family inet address 172.21.211.247/24
    set apply-groups "${node}"

     

    set system services ssh connection-limit 5
    set system services ssh rate-limit 4
    set system services telnet connection-limit 10
    set system services telnet rate-limit 4
    set system services web-management http interface fxp0.0
    set system services web-management http interface reth1.0
    set system services web-management https system-generated-certificate
    set system services web-management https interface fxp0.0
    set system services web-management https interface reth1.0
    set system services web-management session idle-timeout 60
    set system services web-management session session-limit 2

     

    I can ping ssh and telnet to node1  but https and http I can't

    for node0 everything is ok.

     

    please help.

     

    thank you,

     

    Best Regards,

    Haitham Jneid



  • 2.  RE: can't HTTPs to fxp0 on node1
    Best Answer

     
    Posted 04-09-2014 06:38
    Sadly, http/https does not work on device acting as secondary.

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB16827

    You should be able to manage node1 after failing over redundancy-group 0 to node1.

    Regards.
    Sam


  • 3.  RE: can't HTTPs to fxp0 on node1

     
    Posted 04-09-2014 18:45

    Hi

     

    It is by design that you can't access J-Web of secondary node.

    Because http and other dependant daemons runs only on the primary node.

    It is not only with http but also all management and routing daemons runs on node where RG0 is primary.

    Hope this clarifies.

     

    Regards,

    Raveen