Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] Can the backup firewall connect to the IC (Infranet Controller)?

0

0

Article ID: KB25643 KB Last Updated: 06 Jan 2021Version: 5.0
Summary:

This article describes the issue of being unable to connect the backup firewall to the IC (Infranet Controller).

 

Symptoms:

Can the backup firewall be connected to the IC (Infranet Controller)?

Firewall(B)->
Firewall(B)-> get infr con name
INSTANCE HOST Port Interface State (SSL/SSH)
==============================================
IC-VIP 10.10.10.10 11122 redundant2 Connected/Closed
Contact Interval: 10 seconds
Cleanup Infranet state delay: 180 seconds
Timeout Action: Close

SSH has already been enabled and all necessary configurations and certificates have been properly set up.

 

Cause:

This firewall behavior is by design. The Infranet Controller (IC) should have an active connection established to only the primary firewall.

 

Solution:

The reason for this is that the IC will possibly push down the authentication table to the primary firewall. The primary firewall is then expected to sync the table to the backup firewall.

Both firewalls being connected to the IC could cause a situation, wherein there may be duplicate authentication entries in the authentication table.

Note: If there is a need for both devices to connect to the IC, each device should have a manage IP address.

 

Modification History:
  • 2020-09-30: Minor, non-technical update

  • 2021-01-06: Removed EOL devices, article checked for accuracy and found valid

 

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search