Multinode High Availability Support for vSRX Virtual Firewall Instances

Multinode High Availability addresses high availability requirements for private and public cloud deployments by offering interchassis resiliency.

We support Multinode High Availability on Juniper Networks vSRX Virtual Firewall Virtual Firewalls for the private (Kernel-based virtual machine [KVM] and VMware ESXi) and public cloud (AWS) deployments.

You can configure Multinode High Availability on vSRX instances by using the same method as for physical SRX Series firewalls for private cloud deployments.

To configure Multinode High Availability in VMware ESXi, and KVM:

Deploy two vSRX Virtual Firewalls instances in private clouds. Refer Install vSRX Virtual Firewall with KVM or Install vSRX Virtual Firewall with VMware vSphere Web Client.

Setup Multinode High Availability using the instructions available in the following topics:

To configure Multinode High Availability in public cloud deployments:

See Multinode High Availability in AWS Deployments.

ICL Encryption and Flexible Datapath Failure Detection Support

The vSRX Virtual Firewall in Multinode High Availability deployed in private clouds (KVM and VMware ESXi) supports ICL Encryption and Flexible Datapath Failure Detection.

ICL Encryption uses IPsec protocols to secure synchronization messages between high-availability nodes, ensuring data privacy. See Example: Configure Multinode High Availability in a Layer 3 Network for configuration details.
Flexible Datapath Failure Detection offers path monitoring with granular control through weighted features, supporting IP, Bidirectional Forwarding Detection (BFD), and interface monitoring.
SeeFlexible Path Monitoring for more details.