We have Juniper SSL VPN 4500 box and 2 x Juniper SSG550M Firewalls.
Both firewalls are configured for DR with NSRP (Active/Passive). Once you update the configuration on one box it's automatically synchronised with the other box, which is working great.
The Juniper SSL box is configured and working fine.
We have recently purchased another SSL VPN 4500 box and would like to configure it for DR as well, like the firewalls.
How do you do this?
The subnet where the first SSL box sits has been stretched across our network to the secondary Data Centre.
Creating a cluster will not cause any disconnect, but joining the cluster may, depending on whether the VIP is transferred between the two nodes. To ensure the VIP stays on the existing node, modify the sync rank higher (in the cluster settings) on the existing node. This will tell the device to consider the existing device to be the VIP first before the other device.
No additional licensing is needed on the boxes unless you are considering increasing the load on the cluster to above the existing license installed on the box. The recommendation is to ensure both devices in the A/P cluster have the same number of licenses. When the two nodes are joined to the cluster, it will add both licenses from the two nodes to calculate the total number of users allowed for the whole cluster.
Thanks a lot Kita.
Thanks a lot for your post and link.
Does the firmware on both boxes have to be the same before configuration?
It's a little bit old and what I would like to do is to upgrade the firmware on the second box to the newest version, then configure it for the DR (if possible), take the primary box down so it can fail over to the backup box, upgrade the firmware on the primary box to the same ver. as the backup box and plug it back in.
Will this work?
Also, when migrating from standalone to DR, is there any downtime required?
The primary box is up and running and I would like to start creating the cluster; the problem is I'm not sure if this is not going to introduce any downtime?
I would like to prepare the primary standalone box for DR by creating a new cluster on it, but my main concern is that this will disconnect the current sessions... Will it?
Also do I need any additional licenses for configuring the box with cluster?