SRX

 View Only

  • 1.  fxp ports on SRX-345

    Posted 21 days ago

    Hello everyone,

    I am working on setting up a chassis cluster between two SRX345 devices. These units will be located in separate physical locations, which means it is not possible to directly connect the fxp (control) ports to each other.

    I am trying to determine whether anyone has successfully deployed an SRX345 chassis cluster where the fxp control ports traverse a VLAN or switched Layer‑2 infrastructure rather than being directly connected. Any insight, confirmation of supportability, or shared experiences would be greatly appreciated.

    Thank you.



    ------------------------------
    NATHAN GUESS
    ------------------------------


  • 2.  RE: fxp ports on SRX-345

    Posted 20 days ago

    My impression is that this is frowned upon perhaps because it inserts a variable, something to question when things go sideways. That being said, check this out: https://phil.lavin.me.uk/2016/09/chassis-clustering-a-juniper-srx-firewall-via-a-switch/

    Basically if the switching in between can commit to hauling all sorts of packets without interfering with any of them, then the firewalls will be none the wiser. The logic would not be exactly the same, still, because link-down on one side won't necessarily translate to link-down on the other end, but I believe these days things use heartbeats.

    Anyway, I haven't done this myself, but I think you should be able to make it work.



    ------------------------------
    Nikolay Semov
    ------------------------------

    Original Message