Configuring Junos OS Enforcer Failover Options (CLI Procedure)

To configure Infranet Controller failover processing, you must configure the Junos OS Enforcer to connect to a cluster of Infranet Controllers. The Junos OS Enforcer communicates with one of these Infranet Controllers at a time and uses the others for failover processing.

Before you begin:

1. Enable UAC through the relevant Junos OS security policies. See Enabling UAC in a Junos OS Environment (CLI Procedure).
2. Configure the SRX Series or J Series device as a Junos OS Enforcer. During the configuration, define a cluster of Infranet Controllers to which the Junos OS Enforcer should connect. See Configuring Communications Between the Junos OS Enforcer and the Infranet Controller (CLI Procedure).

To configure failover processing:

1. Specify how often (in seconds) the Junos OS Enforcer should expect a heartbeat signal from the Infranet Controller indicating an active connection:

   user@host# set services unified-access-control interval seconds
2. Specify the interval (in seconds) at which the Junos OS Enforcer should consider the current connection timed out:
   user@host# set services unified-access-control timeout seconds
3. Specify how the Junos OS Enforcer should handle all current and subsequent traffic sessions when its connection to an Infranet Controller cluster times out:
   user@host# set services unified-access-control timeout-action (close | no-change | open)

Related Topics

• Junos OS Feature Support Reference for SRX Series and J Series Devices
• Understanding Communications Between Junos OS Enforcer and a Cluster of Infranet Controllers