Knowledge Search


×
 

[ScreenOS] What are the minimum hardware and software requirements for NSRP?

  [KB11432] Show Article Properties


Summary:
This article provides information about the minimum requirements for running NSRP on Juniper firewalls. 
Symptoms:
Solution:
Minimum requirements:

Step 1.  Software

Both of the firewalls must run the identical ScreenOS version. When running an engineering patch version of ScreenOS, both of the firewalls must run the identical patch version:

 

Platform Active/Passive Active/Active
ISG Series 5.0.0 or above 5.0.0 or above
NS5000 Series 5.0.0 or above 5.0.0 or above
SSG550M 5.1.0 or above 5.1.0 or above
SSG520M 5.1.0 or above 6.0.0 or above
SSG300 Series 5.4.0 or above 5.4.0 or above
SSG 140 5.4.0 or above 6.0.0 or above
SSG5 & SSG20 5.4.0 or above* 6.0.0 or above*

* extended license required

Step 2.  License Keys

Both of the firewalls must have identical features and license keys that are enabled or installed.

Step 3.  Hardware

Both of the firewalls must have identical hardware. The line modules must have the same number of ports. For information on certain exceptions, refer to KB13851 - What are the hardware requirements for NSRP cluster in ScreenOS?

Step 4.  HA Port and Cable

Each firewall must have at least one port that is dedicated for the HA zone, which will carry the NSRP control traffic between the firewalls. The HA cable between the firewalls can be connected directly or via a layer 2 switch with both of the ports in the same VLAN.

In the Active/Active mode, if data-path forwarding is required, each firewall must have an additional port that is dedicated for the HA zone, which will carry the data traffic between the two firewalls.

Modification History:
‚Äč2017-12-07: Article reviewed for accuracy. Removed End of Life products from the table. Removed links for End of Life products. Article is correct and complete.
Related Links: