KB ID 0001045
Problem
While trying to deploy Solarwinds to monitor a Juniper SRX failover cluster, we were having no joy connecting to the management interface of the secondary/standby firewall. The management (fxp0) interface on the primary (node0) firewall we could get to OK.
]
After jumping on the secondary firewall (via the console connection) we observed the following;
error: the routing subsystem is not running
Solution
As you can see (above) I couldn’t get the routing services started. And I soon found out, this is quite normal, the primary (active) firewall maintains the routing instance, the secondary firewall does not.
Well that fine but what about out Solarwinds box, what happens if the secondary firewall goes down? No one would know, and we also can’t take daily backups of its config.
To fix this problem you need to use the ‘backup-router’ command. This lets the appliance maintain some routes in the event that it is not hosting the live routing instance.
1. I’ll connect to to the primary firewall from this console session on the secondary firewall with the following command;
2. Now I can add the backup-router routes, but assign them to the secondary (node1) firewall. Note: Where 192.168.100.1 is the next hop.
To get traffic back to the Solarwinds Management Server
set groups node1 system backup-router 192.168.100.1 destination 10.1.20.10/32
To get traffic back to the Cisco ACS Appliance
set groups node1 system backup-router 192.168.100.1 destination 10.1.20.10/32
3. Don’t forget if the firewalls failover you will have the same problem (but the opposite way round), so I need the same to the primary node as well.
To get traffic back to the Solarwinds Management Server
set groups node0 system backup-router 192.168.100.1 destination 10.1.20.10/32
To get traffic back to the Cisco ACS Appliance
set groups node0 system backup-router 192.168.100.1 destination 10.1.20.10/32
3. Save the config with a ‘commit’ command.
Related Articles, References, Credits, or External Links
NA
