Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

High Availability

  • IPv6 Addresses support for BFD monitoring (SRX1500, SRX4100, SRX4200, SRX4600, SRX5400, SRX5600, SRX5800, and vSRX3.0)—Starting in Junos OS Release 23.4R1, you can configure Bidirectional Forwarding Detection (BFD) monitoring using IPv6 addresses in a Multinode High Availability setup.

    See [Multinode High Availability].

  • Active-active Multinode High Availability (SRX1500, SRX4100, SRX4200, SRX4600, and vSRX3.0)—Starting in Junos OS Release 23.4R1, you can operate Multinode High Availability in active-active mode on SRX1500, SRX4100, SRX4200, and SRX4600 Firewalls.

    Multinode High Availability supports IPsec VPN in active-active mode with multiple SRGs (SRG1+). In this mode, you can establish multiple active tunnels from both the nodes, based on SRG activeness. Since different SRGs can be active on different nodes, tunnels belonging to these SRGs come up on both nodes independently. Having active tunnels on both the nodes enables encrypting/decrypting data traffic on both the nodes resulting in efficient use of bandwidth.

    See [Multinode High Availability].

  • Enhancements for Multinode High Availability monitoring features (SRX1500, SRX4100, SRX4200, and SRX4600, SRX5400, SRX5600, and SRX5800)—Starting in Junos OS Release 23.4R1, we have added new enhancements for the path monitoring features.

    The enhancements add more granular control for the path monitoring by:

    • Grouping of monitoring functions
    • Monitoring based on the direction (upstream and downstream) associated with an SRG path
    • Adding weights associated with each monitoring function
    • Monitoring for SRG0 in addition to SRG1+

    By grouping related attributes together, the system can process them as a unit, which can lead to more efficient computation and resource utilization.

    See [Path Monitor in Multinode High Availability.]

  • Split-brain protection support for BFD- based probing (SRX1500, SRX4100, SRX4200, and SRX4600, SRX5400, SRX5600, and SRX5800)—Starting in Junos OS Release 23.4R1, we introduce Bidirectional Forwarding Detection (BFD)-based probing for split-brain protection in Multinode High Availability. This enhancement allows you to use fine-grained control over the probing parameters, providing you the ability to specify the interface, set the minimal-interval, and define the multipliers.

    BFD-based probing starts immediately after configuring a service redundancy group (SRG) resulting in quicker response times, providing a significant improvement in the containment of potential split-brain scenarios.

    See [Path Monitor in Multinode High Availability.]

  • Support for asymmetric traffic flows in Multinode High Availability (SRX1500, SRX4100, SRX4200, SRX4600, SRX5400, SRX5600, and SRX5800)—Starting in Junos OS Release 23.4R1, SRX Series Firewalls in Multinode High Availability support asymmetric traffic flows.

    While performing deep packet inspection or stateful firewall activity, it is a must that the firewall in the return path have the same state information associated with a packet flow as the state information is built in the originating firewall.

    To handle asymmetric traffic flows, the Multinode High Availability requires an additional link known as Inter Chassis Datapath (ICD). ICD has the ability to route the traffic between two nodes. It enables the nodes to redirect asymmetric traffic flows to the peer node that is originally in charge of providing stateful services for these flows.

    This feature ensures the completion of TCP security check (such as three-way handshake and sequence check with window scale factor) for asymmetric traffic flows, thereby enhancing the performance and reliability of the network.

    See [Asymmetric Traffic Flow Support for Multinode High Availability].