Good day, I require some clarity. According to Juniper online information, active/active with UTM does not support EWF. So what exactly does this mean?

Currently I have an SRX5800 cluster running in active/passive mode with UTM enabled. Both devices are licensed, of course. So theoretically, when I fail the entire cluster from the primary to the secondary, the cluster is still active/passive but just the other way around, so UTM should still function, right? (Rhetorical.) Keep in mind that the traffic will always pass through the same dataplane depending on where the RG group is active; there is no possibility for Z type traffic, as both LAN and WAN interfaces are always in the same group. So if we have to reset the scenario back to node0 active/node1 passive, UTM will work.

Now if I create new interfaces, new zones, new policies, etc., but these interfaces will now be active on the secondary FW's dataplane and stay local to that firewall, it becomes an active/active setup. However, the original traffic is still local to node 0. Will UTM now cease working across the entire box, even if the UTM policy is only configured for the traffic local to node0, as it always was?