Configuring VRRP on a Juniper SSG

A few weeks ago, i was confronted with a Juniper Secure Services Gateway (aka SSG) for the first time. After playing a little bit with the box, i quickly learned to like her.
Okay, it took a time to get used to the CLI with its behaviour and the Virtual-System/-Router stuff, but the WebUI is very intuitive and easy to use for the first steps.
Somewhere along the way, i intended to configure VRRP between two SSG140 firewalls but i couldn’t find it neither in CLI nor in WebUI.

I sift through the endless depth of Juniper website and discovered that VRRP was firstly introduced in ScreenOS 6.1.
My SSG140 sadly was running ScreenOS 6.or2. Thus i downloaded a 6.1 version and installed it.
Anyway there was still no possibility to configure VRRP via WebUI…

But here comes the necessary steps to configure VRRP with CLI:

set interface ethernet0/6 protocol vrrp
set interface ethernet0/6 protocol vrrp enable            # activate VRRP for eth6/0
set interface ethernet0/6 ip 192.168.1.253/24             # "real" IP for VRRP group 1
set interface ethernet0/6:1 ip 192.168.1.254/24           # virtual IP for VRRP group 1
set interface ethernet0/6:1 protocol vrrp preempt         # preemption (if desired)
set interface ethernet0/6:1 protocol vrrp priority 50     # priority (default is 100)

You can obtain inforbations about VRRP with the “get vrrp” command:

SSG-140-> get vrrp ?
interface            vrrp info for all interfaces
statistics           vrrp statistics
virtual-group        vrrp info for all virtual groups
SSG-140->

A lot of restritions:

  • works only for native ethernet interfaces, not for bridge-groups
  • only use of one VRRP group supported per interface
  • no secondary VRRP ip possible
  • either VRRP or NSRP can be activated for the whole device, not both
  • no VRRP authentication supported

Hope this helps you, if you really need VRRP. But i think NSRP (NetScreen Redundancy Protocol) is the better choice.

2 comments to Configuring VRRP on a Juniper SSG

Leave a Reply

 

 

 

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>