Netscreen firewalls setup in Active/Passive mode will have the letter “M” or “B” in parenthesis with the hostname to indicate status of Master or Backup. Example: Firewall1(M):
To check the current HA status on a firewall run:
“get nsrp”
To check if the configuration is sync’d between the two firewalls run:
exec nsrp sync global-config check-sum
To resync without a reboot:
exec nsrp sync global-config run
Or, to resync the cluster in a way that requires a reboot:
exec nsrp sync global-config save
If both firewalls indicate the status of “master”, check the HA interface connections: (run “get interface” to show which interfaces are being used for the HA connection)
Example:
labfw1(M)-> get int
A – Active, I – Inactive, U – Up, D – Down, R – Ready
Interfaces in vsys Root:
Name IP Address Zone MAC VLAN State VSD Vsys
mgt 10.128.190.23/28 MGT 001b.c065.b480 – U – Root
eth1/1 0.0.0.0/0 Untrust 0010.dbff.2070 – U 0 Root
eth1/2 0.0.0.0/0 Trust 0010.dbff.2080 – U 0 Root
eth1/3 0.0.0.0/0 Null 0010.dbff.2090 – D 0 Root
eth1/4 0.0.0.0/0 HA 001b.c065.b48a – U – Root
vlan1 0.0.0.0/0 VLAN 0010.dbff.20f0 1 D 0 Root
null 0.0.0.0/0 Null N/A – U 0 Root
labfw1(M)->
In this example interface eth1/4 is being used for HA communication between the two firewalls
