Screen OS

Hi Community,

I've setup a firewall cluster with the following caracteristics:

• ScreenOS 6.1r5
• cluster in Active/Passive NSRP mode with route synch
• All interface are in the same OSPF area
• In receive OSPF external type 1& 2 (E1, E2) route + intra area route (O)
• Initially Master firewall know all route O,E1,E2
• Initially Backup firewallknow all route (backup) Ob, E1b, E2b

Now the problem

1. Master firewall failover to backup firewall (because of a router reboot)

2. Backup Firewall come master, used backup route until it learn istelf all route (as expected)

3. The old master is now backup. it will never learn again the OSPF external route (E1,E2), but "O" route a correctely learned

 Have I missed something into my configuration?

Thank you in advance for your help

Vince

Did you have below commands in both firewalls?

set nsrp rto-mirror sync
set nsrp rto-mirror route

I think you are hitting a known issue, "Backup NSRP firewall loses synced OSPF routes".

This is planned to be fixed in 6.10r7 but you can also open a case to provide a patch if needed. 

Thanks,

Cesar

Hi Cesar,

Thank you for your answer.

In fact the "set nsrp rto-mirror route" resync all route from the Master firewall. I d'ont find the KB or isse than you speak about : "Backup NSRP firewall loses synced OSPF routes".

I just found the this : http://kb.juniper.net/index?page=content&id=KB9885&actp=search&searchid=1248853180800 , but I don't use the untrust-vr.

Can you provide me a link ?

Regards,

Vince 

Hi Cesar,

You were totally right. I've opened I case and JTAC provide me a patch.

Thank you very much.

For poeple with the same issue: open a case with the known issue "438794" " NSRP Backup firewall loses sync'ed OSPF routes" to obtain the needed patch.

Best regards,

Vince