We have two old srx240 firewalls and one of them failed with the primary partition getting corrupted and the secondary partition with old software. We rebuilt the firewall with the same version and updated both partitions but the problem I am having is the secondary thinks it is the primary. I have disconnected all the cables and connected only the fabric ports but the show chassis fpc pic-status show the ports online but the two firewalls never sync. Is there a way to manully tell the back up firewall to be secondary? Or why are they not talking to each other it has been over a week and they still have not changed?
Cluster Config and RE sync happens over the control link, ge-0/0/1 for srx240. If you do not have this connected they will not see each other / sync. Fabric link needs to be configured, my guess is that configuration for fabric link is not present, hence they are not able to see eachother over the fabric link.
Could you please provide the below output from both firewalls?
> show version
> show chassis cluster status
> show chassis cluster interfaces
> show configuration interfaces fab0
> show configuration interfaces fab1
> show interfaces terse
I would do the following:
> Ensure both firewalls show the same cluster-id "show chassis cluster status" and software version is the same "show version"
> Check the fabric link configuration on both firewalls?
> "show configuration interfaces fab0"
> "show configuration interfaces fab1"
> Power off the secondary firewall (one meant to be secondary)
> Connect the control and fabric links. Control link would be ge-0/0/1, fabric link would be as per the above configuration
> Bootup the secondary firewall
> Ensure pics are showing online in "show chassis fpc pic-status"
If this does not help, please help collect the above mentioned commands again: