Example: Configuring Active/Passive Cluster (Nsm Procedure) - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual

Example: Configuring Active/Passive Cluster (NSM Procedure)

Copyright © 2010, Juniper Networks, Inc.
By default, the two cluster members are configured as active/passive after you add them
to the cluster object. NSM automatically creates VSD group 0 and transforms physical
interfaces into virtual security interfaces (VSIs) for VSD group 0.
To configure an active/passive cluster, you must:
1. Cable two security devices together.
2. Select automatic RTO synchronization.
3. Select the ports that you want the devices to monitor, so that if they detect a loss of
   network connectivity from one of the monitored ports, the primary device fails over.
In this example, you configure two NetScreen-208 security devices, Corporate A and
Corporate B, in an NSRP cluster. Both devices are running ScreenOS 5.x. Using a cable,
connect the ethernet7 interfaces of both devices, and then use another cable to connect
the ethernet8 interfaces. Next, add the cluster and cluster member to NSM. When the
devices become members of the NSRP cluster, the IP addresses of their physical interfaces
automatically become the IP addresses of the virtual security interfaces (VSIs) for VSD
group ID 0. Each VSD member has a default priority of 100. The device with the higher
unit ID becomes the VSD group primary. See Figure 6 on page 368.
Finally, configure the cluster:
- Bind ethernet7 and ethernet8 to the HA zone. By default, ethernet8 is bound to the HA
  zone, so you only need to bind it to the HA zone if you have previously bound it to a
  different zone.
- Set manage IP addresses for the Trust zone interfaces on both devices.
- Configure monitoring on ethernet1 and ethernet3 so that loss of network connectivity
  on either of those ports triggers a device failover.
- Select automatic synchronization of RTOs.
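One way to confirm that both members ended up with the settings listed above is to audit their exported configurations. The following is an added example, not part of the Juniper manual or of NSM. It assumes each member's configuration is available as ScreenOS `set` command lines in the form shown in the constructed samples; `audit_member` and the sample values are hypothetical.

```python
HA_PORTS = ("ethernet7", "ethernet8")
MONITORED = ("ethernet1", "ethernet3")

def audit_member(config_text):
    """Return findings for one cluster member's exported configuration."""
    zones, manage_ip, monitored, rto_sync = {}, set(), set(), False
    for line in config_text.splitlines():
        tok = line.replace('"', "").split()   # names may be quoted in exports
        if tok[:2] == ["set", "interface"] and len(tok) >= 5:
            if tok[3] == "zone":
                zones[tok[2]] = tok[4].lower()
            elif tok[3] == "manage-ip":
                manage_ip.add(tok[2])
        elif tok[:4] == ["set", "nsrp", "monitor", "interface"] and len(tok) >= 5:
            monitored.add(tok[4])
        elif tok == ["set", "nsrp", "rto-mirror", "sync"]:
            rto_sync = True
    findings = []
    for port in HA_PORTS:
        # ethernet8 is in the HA zone by default, so a missing line is acceptable.
        zone = zones.get(port, "ha" if port == "ethernet8" else "unset")
        if zone != "ha":
            findings.append(f"{port}: zone is {zone}, expected HA")
    trust = sorted(p for p, z in zones.items() if z == "trust")
    if not trust:
        findings.append("no interface bound to the Trust zone")
    findings += [f"{p}: Trust interface has no manage IP" for p in trust if p not in manage_ip]
    findings += [f"{p}: not monitored for failover" for p in MONITORED if p not in monitored]
    if not rto_sync:
        findings.append("automatic RTO synchronization is not enabled")
    return findings

# Constructed sample exports (not taken from the manual).
MEMBER_A = """\
set interface "ethernet1" zone "Trust"
set interface "ethernet7" zone "HA"
set interface ethernet1 manage-ip 192.0.2.20
set nsrp rto-mirror sync
set nsrp monitor interface ethernet1
set nsrp monitor interface ethernet3
"""
MEMBER_B = """\
set interface "ethernet1" zone "Trust"
set interface "ethernet7" zone "HA"
set interface "ethernet8" zone "DMZ"
set nsrp monitor interface ethernet1
"""

if __name__ == "__main__":
    print(audit_member(MEMBER_A), audit_member(MEMBER_B))
```

An empty list means the member meets every item in the list above; run the audit against both Corporate A and Corporate B, since a setting missing on the backup only shows up at failover.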
Chapter 13: High Availability
