Table of Contents
Advertisement
Adding ScreenOS or IDP Clusters
Adding Secure Access or Infranet Controller Clusters
Copyright © 2010, Juniper Networks, Inc.
To add a ScreenOS or IDP cluster, first add the cluster object as described in "Adding
Clusters" on page 151. Next, add each cluster member either by importing or by modeling:
When importing cluster members, first ensure that their configurations are synchronized.
Next, right-click the cluster icon in the Device Manager and select New > Cluster
Member form the list and select the appropriate options to import the device
configurations from each physical cluster device member.
When modeling a cluster member, ensure that both cluster members have been added
to the cluster device object before configuring the cluster.
By default, the cluster propagates settings made in one device member to the other
device member. However, the following settings are not propagated and must be
configured on each device in the cluster: VSD group, VSD priority, authentication and
encryption passwords, managed IP addresses, and IP tracking settings. All other
commands are propagated among devices within the cluster.
For details on creating and configuring a ScreenOS cluster, see Network and Security
Manager Configuring ScreenOS and IDP Devices Guide.
To create a cluster that includes an existing device (with an existing configuration and
security policy) and a new device (with no configuration or security policy), you should:
Create the cluster.
1.
Add the existing device by importing. The Add Device Wizard automatically imports
2.
the device configuration.
Add the new device by modeling.
3.
When the device is ready, activate the device.
4.
To add a Secure Access or Infranet Controller cluster in NSM, you add the cluster and
then add each member. Adding a member is similar to adding a standalone device.
Secure Access clusters and Infranet Controller clusters can be configured by the device
administrator to operate in active/passive mode or in active/active mode. Clusters in
active/passive mode are made up of a primary member and a secondary member. All
traffic flows through the primary member. If the primary member fails, then the secondary
member takes over.
In active/active mode, traffic is load-balanced across all cluster members. If one member
fails, then load balancing takes place among the surviving members.
The number of members permitted in a cluster is different for Secure Access and Infranet
Controller clusters, and also depends on whether the cluster is configured in active/active
mode or in active/passive mode. You can have no more than two cluster members in
active/passive mode. In active/active mode you can have up to eight members in a Secure
Access cluster, or up to four members in an Infranet Controller cluster.
Chapter 4: Adding Devices
153
Advertisement
Table of Contents
