Hi Will, I have some but with A/A. We have some problems but we are not sure if this is caused from IDP or from A/A misbehaver. We have open ticket and working on that.
You need licenses on both nodes fist of all. Also the signature database should be downloaded and update to each node. You need Internet access to do that, but only first node is able to use the interfaces which are used for forwarding data. So second node has no way to download the signature database. We are using NSM and it succeeds to update the database on both nodes. So I suppose that fxp0 could be used from both nodes to download it from Internet, but I don't know how good idea is to provide Internet access to the management interface. Regarding the signatures tunning we are relying on Recommended set provided from Juniper. These templates are also download from Internet. Hope this helps! regards, On Fri, Oct 1, 2010 at 06:19, Will McLendon <wimcl...@gmail.com> wrote: > Aloha, > > does anyone out there have any experience deploying an SRX3k series (3400 > cluster strictly A/P), with IDP services? Anyone know of any A/P > IDP-specific gotchas? or recommendations on running IDP in an A/P > configuration? > > we are looking to deploy this setup for a customer in the next month or > two, and just curious to hear some real-life deployment stories (horror or > otherwise!). Currently i'm looking at deploying the current JTAC > recommended code of 10.1R3. > > We have our fair share of battle scars from last year with some of the > branch boxes (9.5-9.6 timeframe) even without the hassle of UTM or IDP > features. Needless to say we've learned our lesson on selling a 'branch > box' even though the stated speeds/feeds seem more than sufficient (ready > for the SRX1400 to come out...). i've read and heard that the 3k/5k are > much more stable . . . here's to hoping! > > Thanks, > > Will > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > -- Best Regards! Ivan Ivanov _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp