I have two new SRX 1500s that I've configured in a chassis cluster (using the 10-gig SFP xe-0/0/19 as fabric), which appears to be functioning, and which are going to replace two Cisco ASA 55xx series that are heavily overtaxed and outdated.
The Ciscos are also in an active-passive HA pair, and are meshed into a pair of core switches through creating a redundant ethernet device across two of the physical ethernet ports on each firewall, split into sub-interfaces per vlan.
I am hoping to do something similar here: create a fully meshed connection between the two SRX and the two switches. From my research, it appears that the proper method is to create a "reth" (seems to be similar to the redundant ethernet interfaces I currently use on the Cisco) consisting of the pertinent ethernet interfaces from node 0 and node 1. Something like:
set interfaces ge-0/0/1 gigether-options redundant-parent reth1
set interfaces ge-0/0/2 gigether-options redundant-parent reth1
set interfaces ge-7/0/1 gigether-options redundant-parent reth1
set interfaces ge-7/0/2 gigether-options redundant-parent reth1
Then add a logical interface to reth1 for each vlan? The part where I'm a bit lost is how I'm actually going to go about connecting reth1 via those four ports to the core switches. I'm assuming that at some point I need to set up a LAG between them (however the SRX side doesn't appear to like setting up a LAG using several physical ports from both node 0 and 1).
Am I on the right track at all?
SRX 1500 Chassis Cluster meshing to F10