SSG520 Verify HA NSRP Sync

Raj909 · ‎10-20-2008

We have 2 SSG520 devices (SSG1 and SSG2) running 5.4r7.0 and they were in HA (Active/Passive). We moved to a new datacenter and took the Passive device (SSG2) to the new datacenter, reconfigured it as a Master and migrated all VPN tunnels to this device. We brought the old master (SSG1) to the new datacenter, reconfigured it as a Backup and need to confirm they are back in sync.

I called Juniper and they said they are in sync, but I am seeing differences in the routes. Please assist. Once in sync, the backup (SSG1) needs to be imported into NSM and added to the current Cluster.

Thanks

WL · ‎07-26-2008

what do you mean differences in the route? It can happen if the interfaces or things have changed since last. Can you show what is different between the 2 fw in terms of route.

****pls click the button " Accept as Solution" if my post helped to solve your problem****

Raj909 · ‎10-20-2008

What I mean in terms of routes is, there are eB (BGP) routes on the Master that are on not on the Backup.

WL · ‎07-26-2008

if they are eBGP routes then its correct. We only support dynamic route syn from 6.0r2 onwards and you are running 5.4 right now, so it means that the dynamic routes will not be synced over to the backup.

****pls click the button " Accept as Solution" if my post helped to solve your problem****

Raj909 · ‎10-20-2008

That answers it. Thanks for your help!

SSG520 Verify HA NSRP Sync

Re: SSG520 Verify HA NSRP Sync

Re: SSG520 Verify HA NSRP Sync

Re: SSG520 Verify HA NSRP Sync

Re: SSG520 Verify HA NSRP Sync