Re: VPN/SSL Cluster Active/Passive and Virtual Por...

wadcyr8_197_ · ‎11-14-2011

I have an Active/Passive cluster of SA4500 in my production environment.

In order to open access to a new service I need to assign a new certifcate (in addition to the existing) with a different DNS name to the cluster.

I need to know if when you create a External Virtual Port on the cluster, the IP assigned to this port is equivalent to a second VIP for the cluster, or is dedicated to a node of the cluster.

I am worry about the failover mechanism... if i do assigment of the new certificate to this Virtual port, I need to know if in case of failover, the second node will use this IP or not ?

I have only a single node in my test environment, so I cannot do a test...

Thanks for you help...

NULL_ · ‎11-14-2011

Hi wadcyr8_197,

why don't you use a DTE Edition of Juniper SA, it does work on ESXi without any problems!

Clustering is possible so you should be able to handle every possible case in a virtualised environment.

LINK to DTE - www.juniper.net

If you need to have the latest version of Juniper SA, use initially the DTE Image for deployment and then Upgrade it through a normal appliance image.

Regards

NULL

wadcyr8_197_ · ‎11-14-2011

Hi NULL,

Thank you for the answer... I didn't know the DTE Edition... I wil try it right now

thanks

VPN/SSL Cluster Active/Passive and Virtual Port

VPN/SSL Cluster Active/Passive and Virtual Port

Re: VPN/SSL Cluster Active/Passive and Virtual Port

Re: VPN/SSL Cluster Active/Passive and Virtual Port