Security

 View Only
last person joined: 20 hours ago 

Ask questions and share experiences with Juniper Connected Security. Discuss Advanced Threat Protection, SecIntel, Secure Analytics, Secure Connect, Security Director, and all things related to Juniper security technologies.
  • 1.  SRX5400 Cluster Upgrade

    Posted 10-17-2022 20:13
    Hi,

    node0 - primary
    node1 - secondary

    while upgrading the SRX5400 cluster which one needs to reboot first - node0 or node1? 

    OR

    reboot simultaneously both nodes (there might be a few seconds delay to enter reboot cmd in each node).

    when devices are upgraded, node0 should hold its primary position. 


    Thanks.


  • 2.  RE: SRX5400 Cluster Upgrade

     
    Posted 10-18-2022 11:14
    Hello,

    No such restrictions on what node you would like to reboot first.  
    In case if you are going with minimal downtime method, the node which is upgraded / rebooted first will be primary for all RG at the end.
    If proceeding to reboot both at same time it depends on which node boots first. However its up to you where you can just failover as per whichever node you would like to be primary. 

    https://www.juniper.net/documentation/us/en/software/junos/chassis-cluster-security-devices/topics/ref/command/request-chassis-cluster-failover-redundacy-group.html

    Minimal downtime method reference is as below: ( check the attached pdf with name Minimal_Downtime_Upgrade_HighEnd (SRX5k series)  )

    https://supportportal.juniper.net/s/article/SRX-How-to-upgrade-an-SRX-cluster-with-minimal-down-time?language=en_US

    Thanks


  • 3.  RE: SRX5400 Cluster Upgrade
    Best Answer

     
    Posted 10-18-2022 11:15
    Hello,

    In case of minimal downtime, whichever node is rebooted first will become primary at the end. If you are proceeding with simultaneous reboot then whichever node comes up first will become primary.
    However, we always have an option to do manual failover the nodes to your design and network requirements:

    https://www.juniper.net/documentation/us/en/software/junos/chassis-cluster-security-devices/topics/ref/command/request-chassis-cluster-failover-redundacy-group.html

    Regards