This is a short step-by-step screenshot guide for the initial NSRP configuration of two Juniper ScreenOS firewalls, such as the SSGs. There is one screenshot pack for the HTTP GUI and another one for the Network and Security Manager (NSM), since I am always searching for the positions of the commands in it. Finally, I am listing the appropriate CLI commands.
The following configuration uses two HA interfaces (eth0/0 and eth0/1). Furthermore, two monitored interfaces are configured: eth0/8 and eth0/9.
GUI
SSG140, 6.3.0r17.0:
NSM
Version 2012.R3:
CLI
NSRP commands on the master device:
```
set interface "ethernet0/0" zone "HA"
set interface "ethernet0/1" zone "HA"
set nsrp cluster id 1
set nsrp rto-mirror sync
set nsrp rto-mirror route
set nsrp rto-mirror session ageout-ack
set nsrp vsd-group id 0 priority 50
set nsrp vsd-group id 0 preempt
set nsrp encrypt password hBsm8xVGdpqusGT
set nsrp auth password cGvVjn5gYUF2yJK
set nsrp secondary-path ethernet0/8
set nsrp monitor interface ethernet0/8
set nsrp monitor interface ethernet0/9
```
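To check an exported ScreenOS configuration against the NSRP settings listed above, the following Python sketch can be used. It is an added example, not part of the original post or any Juniper tool. The names `PATTERNS`, `parse_nsrp` and `audit`, and the baseline itself (two HA interfaces, auth and encrypt passwords, RTO sync, at least one monitored interface), are assumptions modeled on this page's setup.

```python
import re
# Constructed sample: the master-device commands from this page, one per line.
SAMPLE_CONFIG = """\
set interface "ethernet0/0" zone "HA"
set interface "ethernet0/1" zone "HA"
set nsrp cluster id 1
set nsrp rto-mirror sync
set nsrp rto-mirror route
set nsrp rto-mirror session ageout-ack
set nsrp vsd-group id 0 priority 50
set nsrp vsd-group id 0 preempt
set nsrp encrypt password hBsm8xVGdpqusGT
set nsrp auth password cGvVjn5gYUF2yJK
set nsrp secondary-path ethernet0/8
set nsrp monitor interface ethernet0/8
set nsrp monitor interface ethernet0/9
"""

# One capture group per setting; the setting names are hypothetical labels.
PATTERNS = {
    "ha_ifaces": r'set interface "?([\w/.]+)"? zone "?HA"?',
    "cluster_id": r"set nsrp cluster id (\d+)",
    "auth": r"set nsrp auth password (\S+)",
    "encrypt": r"set nsrp encrypt password (\S+)",
    "rto_sync": r"set nsrp rto-mirror (sync)",
    "monitored": r"set nsrp monitor interface ([\w/.]+)",
}

def parse_nsrp(config):
    """Map each setting name to the list of values found in the config."""
    found = {name: [] for name in PATTERNS}
    for line in map(str.strip, config.splitlines()):
        for name, pattern in PATTERNS.items():
            if m := re.fullmatch(pattern, line):
                found[name].append(m.group(1))
    return found

def audit(config):
    """Return findings; an empty list means the assumed baseline is met."""
    s = parse_nsrp(config)
    checks = [
        (s["cluster_id"], "no NSRP cluster id"),
        (len(s["ha_ifaces"]) >= 2, "fewer than two interfaces in the HA zone"),
        (s["auth"], "NSRP auth password missing"),
        (s["encrypt"], "NSRP encrypt password missing"),
        (s["rto_sync"], "rto-mirror sync not configured"),
        (s["monitored"], "no monitored interfaces"),
    ]
    return [msg for ok, msg in checks if not ok]
```

Calling `audit()` on the text of each cluster member's configuration returns an empty list when every baseline item is present.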
Links
- Juniper: Basic configuration steps of Active/Passive High Availability (NSRP)
- Juniper: How to configure NSRP options: secondary path, hb-interval, auth password, encrypt password, master-always-exist, link-up-on-backup
- Juniper: Conditions to use the ‘set nsrp ha-link probe’ command
- Juniper Help: NSRP Session Synchronization
- Juniper: HA LED remains green in Backup with “set nsrp rto-mirror session non-vsi”