Tuesday, November 19, 2013

how to integrate Junos Space with an SRX cluster


Integrating an SRX cluster with Junos Space is not straightforward. You have a couple of options:

1. Bidirectional NAT on the backup router is the best solution: source NAT your Junos Space server to an IP in the same subnet as both fxp0.0 interfaces, and destination NAT two IPs to the two fxp0.0 addresses as well. (Your Junos Space server is isolated from the cluster management IPs.)

2. Backup router
Never use a backup route of 0.0.0.0/0; specify the destination IP as shown below. Remember that backup-router only works on the standby node, not on the active node. For the active node you can use a static route, but you might have a problem if the cluster works as the main router in your network: all traffic to the Junos Space server that passes through this cluster will be affected. You might need a static route based on source IP to fix the connection between other devices and Junos Space.

groups {
    node0 {
        ...
        backup-router 192.168.1.254 destination 172.16.1.1/32;
        ...
    }
    node1 {
        ...
        backup-router 192.168.1.254 destination 172.16.1.1/32;
        ...
    }
}

routing-options {
    static {
        route 172.16.1.1/24 {
            next-hop 192.168.1.254;
            retain;
            no-readvertise;
        }
    }
}

please stay away from c2960-lanbasek9-mz.150-2.SE4.bin

When you upgrade your Cisco switches, please stay away from c2960-lanbasek9-mz.150-2.SE4.bin.
That IOS image has a memory leak issue: you will lose management functions and console login, and a power cycle is the only solution. Please go to c2960-lanbasek9-mz.150-2.SE5.bin.

My 2960G box with c2960-lanbasek9-mz.150-2.SE5.bin is working well so far after 1 week of running.

a week later:
Processor Pool Total:   22308940 Used:   17780540 Free:    4528400
      I/O Pool Total:    4194304 Used:    2370432 Free:    1823872
Driver te Pool Total:    1048576 Used:         40 Free:    1048536

 PID TTY  Allocated      Freed    Holding    Getbufs    Retbufs Process
   0   0   23952480    7400780   13583992          0          0 *Init*
   0   0  257652368  249016528    1294992    4394643    1973474 *Dead*
   0   0          0          0     525600          0          0 *MallocLite*
  63   0     368228    2885616     377788          0          0 EEM ED ND
 150   0     530624     150712     374176          0          0 Auth Manager

a week ago:

Processor Pool Total:   22308940 Used:   17782724 Free:    4526216
      I/O Pool Total:    4194304 Used:    2426304 Free:    1768000
Driver te Pool Total:    1048576 Used:         40 Free:    1048536

 PID TTY  Allocated      Freed    Holding    Getbufs    Retbufs Process
   0   0   23952480    7400780   13798056          0          0 *Init*
   0   0   17531824   16289416    1257068    4394643    1973474 *Dead*
   0   0          0          0     394440          0          0 *MallocLite*
  63   0     368228       5940     377788          0          0 EEM ED ND
 150   0     416140      54596     374052          0          0 Auth Manager
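
The comparison of the two snapshots above can be automated. The following is an added example, not part of the original post: it parses both outputs (copied from this post), reports the change in free memory per pool, and lists processes whose Holding value grew by more than a threshold. The 5% threshold and the function names are assumptions made for illustration.

```python
import re

# IOS "show processes memory" line shapes: pool summary and per-process row.
POOL = re.compile(r"^\s*(.+?) Pool Total:\s+(\d+)\s+Used:\s+(\d+)\s+Free:\s+(\d+)")
PROC = re.compile(r"^\s*(\d+)\s+\d+\s+\d+\s+\d+\s+(\d+)\s+\d+\s+\d+\s+(.+?)\s*$")
# Snapshots copied from the outputs in this post (header row omitted).
WEEK_AGO = """\
Processor Pool Total:   22308940 Used:   17782724 Free:    4526216
      I/O Pool Total:    4194304 Used:    2426304 Free:    1768000
Driver te Pool Total:    1048576 Used:         40 Free:    1048536
   0   0   23952480    7400780   13798056          0          0 *Init*
   0   0   17531824   16289416    1257068    4394643    1973474 *Dead*
   0   0          0          0     394440          0          0 *MallocLite*
  63   0     368228       5940     377788          0          0 EEM ED ND
 150   0     416140      54596     374052          0          0 Auth Manager
"""
WEEK_LATER = """\
Processor Pool Total:   22308940 Used:   17780540 Free:    4528400
      I/O Pool Total:    4194304 Used:    2370432 Free:    1823872
Driver te Pool Total:    1048576 Used:         40 Free:    1048536
   0   0   23952480    7400780   13583992          0          0 *Init*
   0   0  257652368  249016528    1294992    4394643    1973474 *Dead*
   0   0          0          0     525600          0          0 *MallocLite*
  63   0     368228    2885616     377788          0          0 EEM ED ND
 150   0     530624     150712     374176          0          0 Auth Manager
"""

def parse(text):
    """Return ({pool: free_bytes}, {(pid, process): holding_bytes})."""
    pools, procs = {}, {}
    for line in text.splitlines():
        if m := POOL.match(line):
            pools[m.group(1)] = int(m.group(4))
        elif m := PROC.match(line):
            procs[(int(m.group(1)), m.group(3))] = int(m.group(2))
    return pools, procs

def compare(before, after, growth_pct=5.0):
    """Free-memory change per pool, and processes whose Holding grew > growth_pct."""
    (pools_b, procs_b), (pools_a, procs_a) = parse(before), parse(after)
    free_delta = {p: pools_a[p] - pools_b[p] for p in pools_a if p in pools_b}
    growers = {}
    for key, held in procs_a.items():
        old = procs_b.get(key, 0)
        if old and (held - old) * 100.0 / old > growth_pct:  # skip new/zero rows
            growers[key[1]] = held - old
    return free_delta, growers

if __name__ == "__main__":
    print(compare(WEEK_AGO, WEEK_LATER))
```

A steadily negative free delta on the Processor pool across successive snapshots is the pattern to watch for after an upgrade; here the pool's free memory is essentially unchanged over the week.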

slow web site browsing with Bluecoat SG proxy

When you deploy your Bluecoat SG proxy in inline transparent mode, you may run into trouble:
slow browsing with some websites, taking 1 minute to load a homepage. Here is some information about this issue:

1. You might use a private IP as your management IP.
2. You might or might not have an IP configured on the passthrough interfaces.
3. When you put that server IP in the static bypass list of proxy services, everything looks good.

You can capture packets while the problem is occurring; you might see some packets from your management IP to the website.

You can check the proxy setting below.
You need to select this checkbox, otherwise browsing won't work:

reflect client ip
   reflect client's source IP when connecting to servers


For the slow browsing issue, what you can do:
1. Configure a valid public IP on the WAN port.
2. Set your Internet gateway as the default gateway.
3. Install a static route for your management traffic.

How to use Telus Actiontec T3200M as a wireless access point

When you install Telus Internet, they will offer you a modem + router + wireless device, the Actiontec T3200M. A lot of users still want to use th...