ScreenOS Firewalls (NOT SRX)
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
clangro
New User
clangro
Posts: 1
Registered: ‎09-03-2009
0

What happens to a cluster if NSRP monitored interfaces go down on both of them?

Options

‎09-03-2009 05:33 AM

So I've got a pair of firewalls in a cluster. I have NSRP interface monitoring with a weight of 255 on eth2/1 on both of the FWs in the cluster.

 

My question is if eth2/1 went physically down on both of them, what would happen? I know if it went down on one it would fail over b/c the one that is down would be ineligible, but you would think in this situation both FWs are ineligible since both monitored interfaces are down.

Message 1 of 2 (2,099 Views)
 
Reply
AndyT
Contributor
AndyT
Posts: 52
Registered: ‎11-21-2008
0

Re: What happens to a cluster if NSRP monitored interfaces go down on both of them?

[ Edited ]
Options

‎09-03-2009 05:39 AM - edited ‎09-03-2009 05:44 AM

your entire firewall system will stop passing traffic.  i found out about this the hard way, whilst in the process of an isp migration.  you can remedy it using 'master always exist', see the following kb article for details:

 

http://kb.juniper.net/KB8947

 

also, check out the following document as it details very well how to configure nsrp to make sure you avoid any of the pitfalls i came across when i inherited a cluster:

 

http://kb.juniper.net/KB9809

Message Edited by AndyT on 09-03-2009 05:41 AM
Message Edited by AndyT on 09-03-2009 05:44 AM
Message 2 of 2 (2,095 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.