Thank you, I'll run through this a few times on the lab units to get more familiar with the process. I think my hesitation was that I'd rather let the system handle configuration synchronization, rather than trying to do it myself, but when it comes time to do this not on the lab, peace of mind would ...

I think it's one of those "do it at your own risk" types of things. I think the main concern is the behavior of the new node1 after it's connected and boots up but before you synchronize the config. As long as you can make sure it doesn't somehow try to take over revenue traffic, you'll probably ...

Ah, so it sounds like your concern is with traffic that doesn't belong to an existing session, rather than, or in addition to, lots of sessions being initiated with incomplete handshakes. I don't have answers, unfortunately, but this is an interesting situation. My guess is that the 500,000 connections ...

I tested this on my lab units, it seems to work correctly via this shortened process after doing a 'request chassis cluster configuration-synchronize' via console on the "new" node 1 then a 'commit full' on node 0. Do you see any issues with going about it this way? It seems more simple than having ...

Okay, thank you, good to know, I guess I would have gotten bit by that, if the config wouldn't sync even with an eg request chassis cluster configuration-synchronize. I'll just follow that article closely. Regarding the features, I've got no licenses, the only thing I can think of would be the certificate ...

Dear Nikolay Semov, First of all, thank you for your response. I believe there was some confusion due to my inability to clearly convey the intended architecture. Currently, I do not own a Juniper SRX4600 device. The Juniper MX204 is performing quite well in my current setup and is meeting most of ...

Out of curiosity, what are the specific (types of) attacks that are causing your performance problems downstream? I'm just wondering if it's something that the SRX can screen out that the MX can't filter out. I'm not sure what "well-configured" means but if the SRX can't screen out the attack (i.e. ...