Hi,
______________________________________________________________________________________________
also configured interface monitoring for all the data interface which will trigger a failover if any one of the data interface failed. I'd like to know if in the event that SW1 is totally down, how does the firewall behave in terms of failover?
______________________________________________________________________________________________
This may depend on the interface monitoring weight. With interface monitoring, the redundancy group has a default threshold of 255 [hardcoded]. Whenever an interface fails, the threshold gets reduced by the link weight. For failover to happen, the threshold needs to reach 0, which makes node 0 priority to become 0 [ineligible], thus triggering redundancy group 1 failover.
https://kb.juniper.net/library/CUSTOMERSERVICE/GLOBAL_JTAC/NT260/SRX_HA_Deployment_Guide.pdf
Could you check the weight:
show chassis cluster interfaces | find Monitoring
Also, I did not understand why this is not a supported scenario.
Its not supported when the LAG is between interfaces on 2 SRX nodes due to possibilty of traffic being load balanced onto passive node. The LAGs are terminating on the same SRX node in this case.
Quoting:
"Notice that the switch interfaces are in one LACP bundle and it is supposed to load balance; which means that it will send one packet to ge-3/0/0 and the next packet to ge-15/0/0, towards the SRX.
Assume that Node0 is active, the first packet sent to ge-3/0/0 will go through and the packet to ge-15/0/0 will be dropped as Node1 is passive.
This is a non-supported configuration."
IMO, this scenario is supported as the principle of having LAG between the same SRX node is followed [I am assuming ae6 & ae7 on the EX are independent ae interfaces, i.e no VC, no MC-LAG].
Cheers,
Ashvin