Configuring SRX Series Firewall Clusters in Junos Space using Secure Console
You can create a cluster of two SRX-series devices that are combined to act as a single system, or create a single-device cluster and then add a second device to the cluster later. You can also configure a standalone device from an existing cluster device. You can do this using the Secure Console feature in the Devices workspace.
You can configure an SRX-series cluster in the following modes:
Active/passive clustering
Active/active clustering
In active/passive mode, transit traffic passes through the primary node, and the backup node is used only in the event of a failure. When a failure occurs, the backup device becomes the primary and takes over all forwarding tasks.
In active/active mode, transit traffic always passes through both nodes of the cluster.
To discover and manage an SRX Series Firewall cluster that is already configured, you must perform the device discovery workflow independently for each cluster node. You can add and discover the cluster devices using the Web UI. The discovery process is common for both standalone devices and cluster devices. For more information, see Running Device Discovery Profiles.
This topic includes the following tasks:
Configuring a Standalone Device from a Single-node Cluster
You can configure a standalone device from a device that is currently configured as a single-node cluster.
To configure a single-node cluster as a standalone device:
Configuring a Standalone Device from a Two-Node Cluster
You can configure a standalone device from the secondary peer device in a cluster.
You cannot use the primary peer in a two-node cluster to configure a standalone device.
To configure a secondary peer device in a cluster as a standalone device:
Configuring a Primary Peer in a Cluster from a Standalone Device
You can create a device cluster from two standalone devices. Use the following procedure to configure a standalone device as the primary peer in a cluster.
To configure a primary peer in a cluster from a standalone device:
Configuring a Secondary Peer in a Cluster from a Standalone Device
If a device cluster contains only a primary peer, you can configure a standalone device to function as a secondary peer in the cluster. Use the following procedure to ensure that Junos Space Network Management Platform is able to manage both devices.
To add a standalone device to a cluster:
Configuring a Cluster with Loopback Interface
By default, the SRX devices are configured to be managed through the fxp0 Ethernet management interface.
If the device is managed through a non-fxp0 interface (loopback address), add the following command to the device so that Junos Space treats the SRX Series Firewall as a cluster:
Command: set chassis cluster network-management cluster-primary
All other cluster configuration commands remain the same for both Active/Active mode and Active/Passive mode.