Hi all and sorry to distrub you.

  I deployed two SSG FW last week , use the Transparent mode and HA features with NSRP.but now it appears some serious problem.

  The two box's e0/8  are configed to the v1-trust zone . e0/9 are configed to the v1-untrust zone , The Vlan1 IP is set as 192.168.170.10 on both two box.

  The master box's manage IP is 192.168.170.11 , exactly the second IP or manage IP of the vlan1 

  The slave box's manage Ip is 192.168.170.12 

  The configuration is also very simple , just some few steps:

  set interface e0/8 zone v1-trust

  set interface e0/9 zone v1-untrust 

  set interface e0/7 zone HA

  set interface vlan1 ip 192.168.170.10

  set interface vlan1 manage-ip 192.168.170.11

  set interface vlan1 ip manageable

  set zone v1-untrust manage ping

  set zone v1-trust manage web

  set policy id 2 form v1-trust to v1-untrust any any any permit

  set route 0.0.0.0/0 interface vlan1 gateway 192.168.170.1

  set nsrp cluster id 1

  set nsrp rto-mirror sync

  set nsrp vsd-group id 0 piority 10

  set nsrp vsd-group id 0 preempt

  set nsrp vsd-group id 0 monitor interface e0/8

  set nsrp vsd-group id 0 monitor interface e0/9

The same as the slave box

Now the problem is :

  when NSRP is take effect ,  I can't manage the box master  from trust zone , I can only open the web ui or telnet the slave box 192.168.170.12 , all 170.10/170.11/170.12 can ping,only 170.12 can login it .

  but if I connect my PC and box directly , I can manage it .

  BTW, the Auto-sync is failure.

  So , this is my question ,,,  and thanks in advance

the toplogy is in the attachment