Hi Guys,
I am a network engineer and I have touched firewalls in general and in depth with Cisco ASA and Checkpoint.
But Juniper is a new beast to me. I have been digging a bit in a network that I need to master for a project. They use a Juniper firewall as external and internal firewalls.
I will probably have some seriously basic questions, but here I go. The design is that they have a cluster which spans 2 data centers. So the master is in DC1 and the slave is in DC2, and between them they have redundancy.
Am I correct in assuming the following: Redundancy Group 0 and 1 are for control plane and data plane respectively? It's probably also 2 physical cables, spanned via a switch or an IP network between the 2 firewalls in the clusters?
We have VRRP running on our Cisco network if they need SVI (layer 3 VLAN), but for a lot of VLANs the firewall is the layer 3 endpoint. So I have seen the following: for each VLAN you define an interface on the firewall (sub interface), and you follow the VLAN naming convention as the interface naming convention. It's like running Routing on a Stick. I follow there, but the interface only has 1 IP.
So in HSRP or VRRP each interface on the device has an IP and they share a VIP. But in the Juniper firewall the IP is the same across the cluster, correct? Is the MAC also the same, or does the Juniper perform a grat ARP during failover?
Is there a comprehensive guide to understand this fail-over scenario?
Thanks in advance.