High Availability
-
Active-active support in Multinode High Availability (SRX5400, SRX5600, and SRX5800 with SPC3, IOC3, SCB3, SCB4, and RE3)—Starting in Junos OS Release 22.4R1, you can operate Multinode High Availability in the active-active mode with the support of multiple services redundancy groups (SRGs). In this mode, some SRGs remain active on one node and some SRGs remain active on another node. Based on the SRG activeness, you can utilize the bandwidth of both the devices.
With this enhancement, we introduce the following changes:
-
Establish multiple active tunnels based on SRG activeness on both nodes.
-
Support a failover domain for each SRG.
[See Multinode High Availability.]
-
-
APBR support in Multinode High Availability (SRX5400, SRX5600, and SRX5800 with SPC3, IOC3, SCB3, SCB4, and RE3, SRX4600, SRX4200, SRX4100, SRX1500, and vSRX)—Starting in Junos OS Release 22.4R1, Multinode High Availability supports advanced policy-based routing (APBR). APBR classifies a session based on applications, and applies the configured rules to reroute the traffic.
[See Multinode High Availability.]
-
Associating an IPsec VPN configuration with a particular SRG (SRX5400, SRX5600, and SRX5800 with SPC3, IOC3, SCB3, SCB4, and RE3)—Starting in Junos OS Release 22.4R1, you can selectively and flexibly associate IPsec VPN services to one of the multiple service redundancy groups (SRGs) configured on SRX Series firewalls in Multinode High Availability.
Releases before 22.4R1 supported only SRG0 and SRG1, and SRG1 was associated to IPsec VPN by default. In 22.4R1, SRG1 is not associated to the IPSec VPN service by default. You must associate the IPsec VPN service to any of the SRGs by specifying the following statement:
[edit] user@host# set chassis high-availability services-redundancy-group srg-number managed-services ipsec