ScreenOS Firewalls (NOT SRX)
ScreenOS Firewalls (NOT SRX)

nsrp config sync

07.20.10   |  
‎07-20-2010 07:33 AM

Afternoon all,

I have a pair of SSG-520 devices in a HA pair. I wanted to make a change to the config on one device and not sync this information across to the standby appliance until testing was complete. To do this I ran the following command "unset nsrp config sync".

I now want to sync the devices and set the config sync back to what it was, however, I'm unclear on the best method.

From the manual if I use the following cmd "exec nsrp sync global-config save" on the backup appliance it will sync the config and then ask for a restart. I will then run the cmd "set nsrp config sync" on both appliances. Done.

However, my question is this: if I didn't run the cmd "exec nsrp sync global-config save" and just set the config sync back on the appliances, will the config sync itself without the need for a reboot?

Thanks in advance,

ScreenOS Firewalls (NOT SRX)

Re: nsrp config sync

07.21.10   |  
‎07-21-2010 09:30 AM



I don't think so.  I beleive the recommended approach is to use "exec nsrp sync global-config save" and reset the box. 



John Judge

If this solves your problem, please mark this post as "Accepted Solution". Kudos are appreciated.
ScreenOS Firewalls (NOT SRX)

Re: nsrp config sync

07.23.10   |  
‎07-23-2010 02:51 AM

Thanks John,

Think I'm going to go for a manual config change on the standby box - I've only added a couple of policies and VIPs so won't take me long, especially with Windiff showing me the light.

Also, I forgot that there were significant differences anyway with the two boxes and I didn't want to overwrite these things e.g. physical interface IP addresses, priority and preempt status. By posting I've given myself some thinking time to understand this, else I may have blindly synced last week....