Hi,
Are the SRX configured in packet mode as router only or as the normal shipped flow mode as a firewall? There is no packet filtering. Please advise what is best for this scenario. Please find the configuration sample below.
IRB Created in both firewalls. X firewall Configuration shown below
set interfaces irb unit 10 family inet sampling input
set interfaces irb unit 10 family inet sampling output
set interfaces irb unit 10 family inet address 100.0.50.2/28 vrrp-group 1 virtual-address 100.0.50.1
set interfaces irb unit 10 family inet address 100.0.50.2/28 vrrp-group 1 priority 202
set interfaces irb unit 10 family inet address 100.0.50.2/28 vrrp-group 1 preempt
set interfaces irb unit 10 family inet address 100.0.50.2/28 vrrp-group 1 accept-data
set vlans MGMT vlan-id 10
set vlans MGMT l3-interface irb.10
Created Security Zones in Both Firewalls. X Firewall Configuration shown below
set security zones security-zone MGMT host-inbound-traffic system-services all
set security zones security-zone MGMT host-inbound-traffic protocols all
set security zones security-zone MGMT interfaces irb.10
Applied IRB to the Physical Interfaces
set interfaces ge-0/0/7 description **Link-to-Location1**
set interfaces ge-0/0/7 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/7 unit 0 family ethernet-switching vlan members MGMT
Between Nodes Trunking, X and Y Firewalls. X Firewall Configuration shown below
set interfaces ge-0/0/0 description **SRX-NodeY**
set interfaces ge-0/0/0 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members all
Applied ACL Between Zones
SSH, Junos ping
Applied static route at both locations, on both firewalls. X Firewall configuration shown below
set routing-options static route 192.168.1.0/26 next-hop 10.10.10.6
How are the routing subnets exchanged between site 1 and site 2? OSPF, BGP, static routes? Static route done from both locations.
------------------------------
ARUN BALAN
------------------------------
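Added example, not part of the original post and not Juniper tooling: a small audit of Junos `set` commands like the ones posted above. It flags zone-level `host-inbound-traffic ... all`, trunks that carry `vlan members all`, and zones that hold a VRRP interface without admitting protocol `vrrp`. The function name `audit` is hypothetical and the sample input is built from lines in the post.

```python
import re
from collections import defaultdict

# Constructed sample: set-commands copied from the post above (firewall X).
SAMPLE = """\
set interfaces irb unit 10 family inet address 100.0.50.2/28 vrrp-group 1 virtual-address 100.0.50.1
set security zones security-zone MGMT host-inbound-traffic system-services all
set security zones security-zone MGMT host-inbound-traffic protocols all
set security zones security-zone MGMT interfaces irb.10
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members all
"""

ZONE = re.compile(r"^set security zones security-zone (\S+) (.+)$")
VRRP = re.compile(r"^set interfaces (\S+) unit (\d+) family inet address \S+ vrrp-group \d+")
TRUNK_ALL = re.compile(r"^set interfaces (\S+) unit \d+ family ethernet-switching vlan members all$")
KINDS = ("system-services", "protocols")

def audit(config):
    """Return sorted (severity, message) findings for Junos set-commands.

    Only zone-level host-inbound-traffic is evaluated; interface-level
    overrides inside a zone are not modelled.
    """
    zones = defaultdict(lambda: {"system-services": set(), "protocols": set(), "ifaces": set()})
    vrrp_ifaces, findings = set(), []
    for line in (raw.strip() for raw in config.splitlines()):
        if m := ZONE.match(line):
            zone, rest = m.group(1), m.group(2).split()
            if rest[0] == "interfaces" and len(rest) >= 2:
                zones[zone]["ifaces"].add(rest[1])
            elif rest[0] == "host-inbound-traffic" and len(rest) >= 3 and rest[1] in KINDS:
                zones[zone][rest[1]].add(rest[2])
        elif m := VRRP.match(line):
            vrrp_ifaces.add(f"{m.group(1)}.{m.group(2)}")
        elif m := TRUNK_ALL.match(line):
            findings.append(("WARN", f"{m.group(1)}: trunk carries all VLANs"))
    for zone, z in zones.items():
        for kind in KINDS:
            if "all" in z[kind]:
                findings.append(("WARN", f"zone {zone}: host-inbound {kind} all"))
        # VRRP advertisements are host-inbound traffic, so the zone must admit them.
        if z["ifaces"] & vrrp_ifaces and not z["protocols"] & {"all", "vrrp"}:
            findings.append(("FAIL", f"zone {zone}: VRRP interface but protocol vrrp not allowed"))
    return sorted(findings)

if __name__ == "__main__":
    for severity, message in audit(SAMPLE):
        print(severity, message)
```

Narrowing the zone to the services actually used (the post mentions SSH and ping) clears the warnings, but `protocols vrrp` has to stay or the check reports a FAIL.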
Original Message:
Sent: 11-19-2022 20:10
From: STEVE PULUKA
Subject: Juniper SRX Firewall VRRP not able to access the VLAN
Are the SRX configured in packet mode as router only or as the normal shipped flow mode as a firewall?
How are the routing subnets exchanged between site 1 and site 2? OSPF, BGP, static routes?
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
http://puluka.com/home
Original Message:
Sent: 11-19-2022 05:55
From: Anonymous User
Subject: Juniper SRX Firewall VRRP not able to access the VLAN
This message was posted by a user wishing to remain anonymous
Hi,
I am facing an issue with Juniper SRX Firewalls. I configured the firewalls using VRRP, but I am not able to access the second VRRP firewall irb. (Refer attached first Picture)
Two Firewalls A and B Configured with VRRP and a trunk port between each other with all allowed vlan members.
Other two firewalls X and Y also Configured with VRRP and a trunk port between each other with all allowed vlan members.
A Firewall Connected to X and B firewall Connected to Y.
When I am trying to access the management VLAN of Firewall B or Firewall Y, I am not able to access it from the switch that is connected to A and B. (Refer attached first Picture)
Also, one more issue is that when I reboot Firewall X, the traffic from Location 1 to the computers at Location 2 that are connected to Y is not reaching them. (Refer attached second Picture).
Please advise, what is the best way to resolve this issue without changing the current design.