Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] Can the backup firewall connect to the IC (Infranet Controller)?

0

0

Article ID: KB25643 KB Last Updated: 02 Nov 2015Version: 3.0
Summary:
This article describes the issue of being unable to connect the backup firewall to the IC (Infranet Controller). 
Symptoms:
Can the backup firewall be connected to the IC (Infranet Controller)?
Firewall(B)->
Firewall(B)-> get infr con name
INSTANCE HOST Port Interface State (SSL/SSH)
==============================================
IC-VIP 10.10.10.10 11122 redundant2 Connected/Closed
Contact Interval: 10 seconds
Cleanup Infranet state delay: 180 seconds
Timeout Action: Close
SSH has already been enabled and all necessary configurations and certificates have been properly set up.


Cause:
This firewall behavior is by design. The Infranet Controller (IC) should have an active connection established to only the Master firewall.


Solution:
  • The reason for this is that the IC will possibly push down the Authentication table to the Master firewall.

  • The Master firewall is then expected to sync the table to the backup firewall.

  • Both of the firewalls being connected to the IC could cause a situation, in which there are duplicate authentication entries in the authentication table.

NOTE : If in case there is need for both devices connect to IC, each device should have manage IP
Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search