SRX

 View Only
last person joined: 3 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  command impact or meaning of commands in SRX240

    Posted 05-20-2014 22:49
    1. set groups node0 system host-name blaze1-1.firewall
    2. set groups node0 system backup-router x.x.x.x
    3. set groups node0 system backup-router destination x.x.x.x/x
    4. set groups node0 interfaces fxp0 unit 0 family inet address x.x.x.x/x
    5. set groups node1 system host-name new-blaze1-2.hyd
    6. set groups node1 system backup-router x.x.x.x
    7. set groups node1 system backup-router destination x.x.x.x/x
    8. set groups node1 interfaces fxp0 unit 0 family inet address x.x.x.x/x

    can any one get these lines meaning for srx240 firewall and what impact that it gives.

     

    Thanks,

    Mahesh.


    #SRX240commands


  • 2.  RE: command impact or meaning of commands in SRX240

     
    Posted 05-20-2014 22:55

    Hello Mahesh

     

    These commands are used to configure node specific information like: host-name, management interface configuration, etc..

    On configuring these commands you can access both nodes of a cluster independently using their fxp0 IPs.

    Routing daemon would run only in primary node, hence you would need backup-router configuration to reach management network.

     

    Regards,

    Raveen



  • 3.  RE: command impact or meaning of commands in SRX240

    Posted 05-20-2014 22:58

    Hi Mahesh,

     

      These config is to get the management access via fxp0 of a node which is secondary for RG0 group; the back up router config is needed as routing sub-system will not be running in secondary node.

     

    You can refer the below KB for more details

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB13288

     

    Thanks,

    SHKM

     

     



  • 4.  RE: command impact or meaning of commands in SRX240

    Posted 05-20-2014 23:11

    Hi,

     

    Thanks for your reply and i am still unable to get the backup-router concept and can you just explain that.

     

    As we have given same ip and destination for the backup-router in node 0 and node 1, why is it so ?

     

    1. set groups node0 system backup-router 192.168.253.254
    2. set groups node0 system backup-router destination 192.168.32.0/24
    3. set groups node0 system backup-router 192.168.253.254
    4. set groups node0 system backup-router destination 192.168.32.0/24

    thanks,

    Mahesh.



  • 5.  RE: command impact or meaning of commands in SRX240
    Best Answer



  • 6.  RE: command impact or meaning of commands in SRX240

     
    Posted 05-20-2014 23:28

    Hi Mahesh

     

    backup-router 192.168.253.254 is the gateway to reach private management network.

    And destination denotes the subnet of management network.

    Backup-router IP would be in the same subnet as that of your fxp0 IP.

     

    If fxp0 IPs of two nodes are of different subnet and connected to different switch/L3 device, then you can have different backup-router ip.

     

    In myexperience, typical deployment would be to have single management network and fxp0s of both nodes connected to same switch(in this scenario your backup-router and destination would be the same).

     

    Regards,

    Raveen

     

     



  • 7.  RE: command impact or meaning of commands in SRX240

    Posted 05-20-2014 23:20

    Thank you all,

     

    My doubts clarified.