Juniper Active-Active and adding third FW questions


  • Juniper Active-Active and adding third FW questions

    Hi,

    I have a few questions regarding the Juniper SSG-320M.
    We have 2 Juniper SSG-320M working in Active-Passive mode and its ability to handle 64K concurrent sessions is sometimes not enough.
    So I thought to change the configuration to Active-Active.

    I do not understand the cons from their website since I do not have full knowledge of firewalling. Your help is appreciated. The cons are:
    Complex to design - Why?
    Data path forwarding may affect performance - Why?
    No dynamic route synchronization - that I understand

    Second,
    Can I add a third, non-Juniper brand FW to the current cluster? For example, adding a Fortinet to the Juniper cluster?

    Many Thanks

  • #2
    Re: Juniper Active-Active and adding third FW questions

    I don't really know much about Juniper and can't answer your other questions.

    However, I suspect you would not be able to add a Fortinet to the Juniper cluster - the OS is rather different.


    • #3
      Re: Juniper Active-Active and adding third FW questions

      Originally posted by askms View Post
      Hi,

      I have a few questions regarding the Juniper SSG-320M.
      We have 2 Juniper SSG-320M working in Active-Passive mode and its ability to handle 64K concurrent sessions is sometimes not enough.
      So I thought to change the configuration to Active-Active.

      I do not understand the cons from their website since I do not have full knowledge of firewalling. Your help is appreciated. The cons are:
      Complex to design - Why?
      Data path forwarding may affect performance - Why?
      No dynamic route synchronization - that I understand

      Second,
      Can I add a third, non-Juniper brand FW to the current cluster? For example, adding a Fortinet to the Juniper cluster?

      Many Thanks
      Do you have a link to the document you are referring to? Is it this one?

      http://kb.juniper.net/InfoCenter/ind...ent&id=KB11402


      Did you see the footnotes at the bottom?

      Notes, KBs, and references

      Note: The total number of sessions divided between the two devices in an Active/Active configuration cannot exceed the capacity of a single security device (otherwise, in the case of a failover, the excess sessions might be lost).

      Note: Useful KB reference: KB7840 - How to determine cluster is in Active/Active setup

      Note: Useful KB reference: KB5807 - Which devices support Active/Active in transparent mode.

      Note: There are design considerations in configuring Active/Active configurations. Juniper recommends contacting Juniper Networks Professional Services to assist with the design. For more information, refer to Juniper Networks Customer Services.
      I would hazard a guess that if you have a maximum of 64,000 connections, setting up your devices in Active/Active would not give you 128,000 connections.



      • #4
        Re: Juniper Active-Active and adding third FW questions

        Thank you
