O'Reilly logo

Junos Security by James Quinn, Timothy Eberhard, Patricio Giecco, Brad Woodberg, Rob Cameron

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Case Study 12-1

Now that you have covered all of the concepts related to transparent mode, let’s bring it all together and provide a full configuration example, along with the use of chassis clustering to achieve an HA solution.

There really isn’t much difference between clustering a transparent mode pair and clustering a Layer 3 mode pair, from a configuration or concept perspective—you just need to be aware of the surrounding networking configuration to accommodate transparent mode.

This case study performs the following configuration according to this book’s network diagram (see Figure 12-4):

Case Study 12-1 network diagram

Figure 12-4. Case Study 12-1 network diagram

  • Create a chassis cluster with the two SRX3600s that protect the DMZ. Configure all of the properties of the HA cluster as you see fit (except the interfaces as described shortly). Use ge-0/0/9 and ge-13/0/9 for the data links.

  • Support trunk link reth0, which will serve as the backbone link. Reth0 will have two tagged VLANs, one for VLAN 100 and another which allows VLAN 30 inbound, but translates it to VLAN 1. Reth0 will be composed of the physical interfaces ge-0/0/0 and ge-13/0/0.

  • There will be four other Reth interfaces which connect into a switch before connecting to the end servers. These will all use the access mode interfaces. Reth1 will belong to the VoIP PBX zone and will be composed of ge-0/0/1 and ge-13/0/1. Reth2 will be in the WebApp zone ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required