My setup includes two MX84's in Warm Spare configuration and we have two ISPs
Our primary ISP contains a /29 IP block and /30 gateway, meaning we can only configure one MX for this ISP.
Our secondary ISP contains a /29 IP block, so I have set up both WAN2 Uplinks with an IP from this block and want to set a VIP.
My Question is, if I want to set the VIP for the Secondary Uplink, can I leave the field blank for the Primary Uplink and have the VIP be 'ignored' for this Uplink? Or, once VIP is enabled, it has to be set for both Uplink sets (WAN1 and WAN2)?
I'm pretty sure you can't do that but I never tried it either.
When using vip
wan1 vip is required.
Wan2 vip is optional.
"the secondary uplink virtual IP for a warm spare is an optional field. But if a warm spare is configured and the second uplink is enabled, and the virtual IP is not set, the security appliance will not behave correctly."
Thanks, is that quote from a documentation article? I believe it, just couldn't find it myself anywhere.
And interesting that it notes it as "optional but will not behave correctly without". Doesn't sound so optional to me, then.
I would say I configure the VIP address for maybe 25% of the HA setups we do.
Is there a reason you feel you need to use VIP?
Our public IP needs to remain static for scenarios with outside vendors, where they whitelist IP for connecting to their services (FTP, etc.)
If a vendor can whitelist one IP address they can whitelist two. Just tell them this is our "primary" and this is our "DR". I'd be surprised if they didn't when explained like that.