Configuring Interface Monitoring
Configuring Zone Monitoring
Copyright © 2010, Juniper Networks, Inc.
(the total weight of the cumulative failed attempts) in the Track IP tab. The default is 1;
acceptable values are from 1 to 255. A failure to reach any configured tracked IP address
causes routes associated with the interface to be deactivated.
For each interface, you can configure up to four IP addresses to track. The tracked IP
addresses do not have to be in the same subnetwork as the interface. On devices running
ScreenOS 6.3, IP tracking supports IPv6.
NOTE: A single device can track 64 IP addresses. This total includes all track
IP addresses for interface-based IP tracking and for NSRP-based IP tracking
at the root level and vsys level.
The device uses NSRP to check that the physical ports are active and connected to other
network devices. When the port is inactive, the device considers the interface failed.
The process for adding an interface to monitor is as follows:
1. Edit the cluster by selecting and editing its members.
2. Select Monitoring > Whole Box Monitoring.
3. Use the Monitor Interface tab to select all the interfaces that need to be monitored
   and assign a weight to each interface in the device or VSD group to indicate the
   importance of that interface. The higher the weight, the faster the failover threshold
   is met. For example, if the untrust interface is more important than the management
   interface, assign the untrust interface a higher weight than the management interface.
For example, when using two VSD groups (VSD 1 and VSD 2) configured on two devices
(device A and device B), if a port on a master device in a VSD group fails, you can configure
VSD 1 to fail over from the primary VSD group on device A to the backup VSD group on
device B. VSD 2 remains active on device A.
The device uses NSRP to check that all physical ports in a zone are active and connected
to other network devices. When all ports within the zone are inactive, the device considers
the zone failed.
You can assign a weight to each zone in the device or VSD group to indicate the
importance of that zone. The higher the weight, the faster the failover threshold is met.
For example, if the DMZ zone is more important than the trust zone, assign the DMZ zone
a higher weight than the trust zone.
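The following Python sketch is an added example, not taken from the guide or from ScreenOS. It models how interface and zone weights accumulate toward a failover threshold, so a weight plan can be checked before it is deployed. The threshold value of 255, the "reaches or exceeds" comparison, the port names and all weights are assumptions constructed for the illustration.

```python
from dataclasses import dataclass

FAILOVER_THRESHOLD = 255  # assumed value for this example; not stated on the page

@dataclass
class MonitoredInterface:
    name: str
    weight: int           # 1-255, as assigned in the Monitor Interface tab
    link_up: bool = True

@dataclass
class MonitoredZone:
    name: str
    weight: int
    ports: dict           # physical port name -> link state (True = up)

    def failed(self) -> bool:
        # A zone counts as failed only when every port bound to it is down.
        return bool(self.ports) and not any(self.ports.values())

def failed_weight(interfaces, zones) -> int:
    """Sum the weights of every monitored object currently considered failed."""
    total = sum(i.weight for i in interfaces if not i.link_up)
    total += sum(z.weight for z in zones if z.failed())
    return total

def should_fail_over(interfaces, zones, threshold=FAILOVER_THRESHOLD) -> bool:
    # Assumption: failover triggers once the cumulative weight reaches the threshold.
    return failed_weight(interfaces, zones) >= threshold

def demo():
    """Constructed scenario: untrust weighted above mgt, DMZ above trust."""
    untrust = MonitoredInterface("untrust", weight=255)
    mgt = MonitoredInterface("mgt", weight=55)
    dmz = MonitoredZone("DMZ", weight=200, ports={"eth3": True, "eth4": True})
    trust = MonitoredZone("trust", weight=100, ports={"eth1": True})
    ifaces, zones = [untrust, mgt], [dmz, trust]
    results = []
    mgt.link_up = False                    # low-weight interface fails
    results.append(should_fail_over(ifaces, zones))
    dmz.ports["eth3"] = False              # one DMZ port down: zone still up
    results.append(should_fail_over(ifaces, zones))
    dmz.ports["eth4"] = False              # all DMZ ports down: zone failed
    results.append((failed_weight(ifaces, zones), should_fail_over(ifaces, zones)))
    return results
```

In this constructed scenario the management interface alone never triggers failover, a partially degraded DMZ contributes no weight, and only the complete loss of the DMZ pushes the cumulative weight to the threshold.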
All interfaces bound to the monitored zone must fail before the device considers the zone
down. Specifically:
Chapter 13: High Availability