Hi Community,
Please find the attached image illustrating a sample high availability (HA) architecture using Juniper firewalls (SRX 345) across two sites.
Architecture Overview:
- Two sites (Site-1 and Site-2), each with a pair of Juniper firewalls (SRX 345) configured in Active/Standby HA clusters.
- Site-1 Active Firewall is connected directly to the Site-2 Active Firewall.
- Site-1 Standby Firewall is connected directly to the Site-2 Standby Firewall.
- Both HA pairs use interface monitoring for failover.
Observed Behavior:
- When a connectivity failure occurs between the Active Firewall and its local switch (e.g., link down at Site-1), the local HA pair correctly triggers a failover (Site-1 Standby becomes Active).
- However, the corresponding firewall at the remote site (e.g., Site-2) does not perform a failover in sync, and continues operating with the previously active unit.
Request:
Could anyone advise how to ensure that a failover at one site also triggers a synchronized failover at the other site, maintaining traffic flow consistency across both ends?
Any recommendations for best practices, configuration examples, or HA synchronization mechanisms would be greatly appreciated.
------------------------------
ARUN BALAN
------------------------------