使用网线或者使用Esxi或者VM的网络将两台vSRX防火墙的ge-0/0/1和ge-0/0/2口互联起来,ge-0/0/1接口作为Control Link,ge-0/0/2接口作为Fabric Link
将防火墙还原到只设置了root密码的状态,两台设备的root密码保持一致
使用set chassis cluster cluster-id 2 node 0 reboot命令将第一台防火墙配置为集群2的第一台设备并重启设备
使用set chassis cluster cluster-id 2 node 1 reboot命令将第二台防火墙配置为集群2的第二台设备并重启设备
设备重启完成后,需要在node0设备上进行以下配置来解决管理接口的地址冲突
set groups node0 system host-name Mylab-FW1
set groups node0 interfaces fxp0 unit 0 family inet address 100.100.100.1/24
set groups node1 system host-name Mylab-FW2
set groups node1 interfaces fxp0 unit 0 family inet address 100.100.100.2/24
set apply-groups ${node}
commit and quit
#这个时候防火墙的名称分别变为Mylab-FW1和Mylab-FW2
下面我们进行Redundancy Group的配置
#使用cluster reth-count明确声明需要配置几个RG组
set chassis cluster reth-count 2
set chassis cluster redundancy-group 0 node 0 priority 100
set chassis cluster redundancy-group 0 node 1 priority 99
set chassis cluster redundancy-group 1 node 0 priority 100
set chassis cluster redundancy-group 1 node 1 priority 99
#配置Fabric Link
set interfaces fab0 fabric-options member-interfaces ge-0/0/2
set interfaces fab1 fabric-options member-interfaces ge-7/0/2
#注意vSRX在完成Cluster之后,备用主机的接口为主用设备接口+7
配置Redundant Interface
#配置冗余接口
set interfaces ge-0/0/3 gigether-options redundant-parent reth0
set interfaces ge-0/0/4 gigether-options redundant-parent reth2
set interfaces ge-7/0/3 gigether-options redundant-parent reth0
set interfaces ge-7/0/4 gigether-options redundant-parent reth2
set interfaces reth0 redundant-ether-options redundancy-group 1
set interfaces reth0 unit 0 family inet address 10.1.1.10/24
set interfaces reth2 redundant-ether-options redundancy-group 1
set interfaces reth2 unit 0 family inet address 202.100.1.10/24
检查HA的状态