Hi,
I have VRRP set up on my two SRX550s.
We had one internet line up until recently so all of our VLANs were using FW01 as the master node. Machines in vlan.68 were able to contact vlan.40 with no issues.
However, we now have a secondary line in place and, as a result, vlan.68 is now using FW02 as the master node and can no longer get to vlan.40.
Below is the config:
vlan.68 - Mortgage
FW01# show interfaces vlan.68
family inet {
    address 10.68.0.2/24 {
        vrrp-group 68 {
            virtual-address 10.68.0.1;
            priority 150;
            accept-data;
        }
    }
}

FW02# show interfaces vlan.68
family inet {
    address 10.68.0.3/24 {
        vrrp-group 68 {
            virtual-address 10.68.0.1;
            priority 200;
            preempt;
            accept-data;
            track {
                interface ge-0/0/5 {
                    priority-cost 100;
                }
            }
        }
    }
}
vlan.40 - Servers
CR-FW01# show interfaces vlan.40
family inet {
    address 10.64.40.2/24 {
        vrrp-group 40 {
            virtual-address 10.64.40.1;
            priority 200;
            preempt;
            accept-data;
            track {
                interface ge-0/0/5 {
                    priority-cost 100;
                }
            }
        }
    }
}

FW02# show interfaces vlan.40
family inet {
    address 10.64.40.3/24 {
        vrrp-group 40 {
            virtual-address 10.64.40.1;
            priority 150;
            accept-data;
        }
    }
}
Firewall policy
policy mortgage-to-servers {
    match {
        source-address any;
        destination-address any;
        application any;
    }
    then {
        permit;
    }
}