Hello.
Two ISG1000 firewalls were deployed active/passive mode. two ha link ,one for control ,one for data link. All interface were in route mode.
I find the passive firewall received lots of packets but not passed these data to active firewall.
Why ? Anyone could help me ?
After read the manual, I have a doubt the data link is only ready for active/active mode ? thanks !
===============================================================================
get ha
nsrp version: 2.0
cluster info:
cluster id: 1, no name
local unit id: 9277440
active units discovered:
index: 0, unit id: 9277440, ctrl mac: 0010db8d9007, data mac: 0010db8d9008
index: 1, unit id: 9281280, ctrl mac: 0010db8d9f07, data mac: 0010db8d9f08
total number of units: 2
VSD group info:
init hold time: 5
heartbeat lost threshold: 3
heartbeat interval: 1000(ms)
master always exist: disabled
group priority preempt holddown inelig master PB other members
0 50 no 3 no 9281280 myself
total number of vsd groups: 1
Total iteration=1916,time=2833949,max=12271,min=274,average=1479
RTO mirror info:
run time object sync: enabled
ping session sync: enabled
coldstart sync done
nsrp data packet forwarding is enabled
nsrp link info:
control channel: ethernet1/1 (ifnum: 7) mac: 0010db8d9007 state: up
data channel: ethernet1/2 (ifnum: 😎 mac: 0010db8d9008 state: up
ha secondary path link not available
NSRP encryption: disabled
NSRP authentication: disabled
device based nsrp monitoring threshold: 255, weighted sum: 0, not failed
device based nsrp monitor interface: ethernet2/2(weight 255, UP) ethernet2/1(weight 255, UP)
device based nsrp monitor zone:
device based nsrp track ip: (weight: 255, disabled)
number of gratuitous arps: 5
config sync: enabled
track ip: disabled
Nsrp arp counts: 5, interval: 1
Nsrp VSD group counts:
group st_chg to ms pb bk inop ineli init dup_ms dup_pb hb_tx hb_rx
---------------------------------------------------------------------------
0 4 1 2 0 1 0 0 0 0 1718 1665
RTO mirror group has not been defined
thanks!
#link#data#isg1000#HA