Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Setting Up High Availability


Depending on your requirements, you can configure Spotlight Secure Connector for High Availability (HA) or failover. When the primary node fails, the secondary node automatically takes over without any manual intervention.

To set up HA:

  1. During the setup process, define the HA network configuration settings.
  2. Add both spotlight connectors as specialized nodes into Junos Space.

During the setup process, you define the primary node (Local Connector instance IP address), the secondary node (Remote Connector instance IP address) and the virtual IP address to send to the SRX Series device. See Figure 1.

Figure 1: Defining the HA Network Configuration Settings
Defining the HA Network Configuration

When adding a connector as a specialized node to Junos Space, the system reads the network configuration information specified in the setup process. When the secondary node is added to Junos Space, the system recognizes it as the failover node and establishes the relationship with the primary node automatically. See Figure 2.

Figure 2: Failover Information Displayed in Security Director
Failover Information Displayed
in Security Director

Because the virtual IP address and not the connector management IP address is sent to the SRX Series device, failover occurs seamlessly.

If you did not configure HA during the setup process and want to configure it after you have already added the connector to Junos Space, follow these steps:

  1. On the Junos Space Security Director user interface, select Security Intelligence > Spotlight Connector.
  2. Select the connector(s) that you want to configure for HA and click Delete to remove them as a node.
  3. 2. Log in to the connector using SSH (for example, log in to the connector through the VM console) and re-run the setup script.
  4. Re-add the connectors as a specialized node in Junos Space.

If the connectors were already associated with an SRX Series device, you must associate them again. When configured for HA, the SRX Series device talks to the virtual IP and not the individual device’s IP address.