Message Image

Skip main navigation (Press Enter).

Screen OS

last person joined: 8 months ago

This is a legacy community with limited Juniper monitoring.

Back to discussions

Expand all | Collapse all

NSRP or VRRP?

Jump to Best Answer

Erdem12-13-2009 11:32

Hello, I'm seting up a pair of SSG329M firewalls in an active passive cluster and was wondering whether ...

michel.tepper12-13-2009 12:26Best Answer

Hi Pete, you did your homework very well. It works as you state, but: NSRP offers more. Most important ...

1. NSRP or VRRP?

0 Recommend
Erdem
Posted 12-13-2009 11:32
Hello,
I'm seting up a pair of SSG329M firewalls in an active passive cluster and was wondering whether to use NSRP or VRRP. Would one be preferential over another?

I've got a good idea about VRRP, the two boxes would have different physical addresses on their matching interfaces but would share a virtual address. However I'm not sure about NSRP so would need to do some reading, but basically, correct me if I'm wrong, each of the 2 firewalls would have identical addresses on their matching interfaces and only one at a time would service ARP requests? And if I wanted management access to an interface on the box in passive mode I'd need a management address on that interface?

Thanks,
Pete.
2. RE: NSRP or VRRP?
Best Answer

0 Recommend
michel.tepper
Posted 12-13-2009 12:26
Hi Pete,

you did your homework very well. It works as you state, but: NSRP offers more. Most important is Real Time Object synchronization. With a VRRP failover all sessions and other RTO's need to reestablished. For clustering NSRP is tour only logical choice!

Powered by Higher Logic