Knowledge Search


NSRP Manual failover didn't work, what should I check?

  [KB11435] Show Article Properties

NSRP Manual failover didn't work, what should I check?


The command 'exec nsrp vsd-group id 0 mode backup' is run on the Master firewall (Firewall-A) in order to manually force it to backup mode.  However, after running the command, Firewall-A is still Master.


The following might be the reasons for the NSRP manual failover to fail:

1.  Preempt is configured on Master firewall, Firewall-A, and the NSRP Priority of the Master firewall is lower than the NSRP Priority of the Backup firewall.
To avoid the above situation run the following command on master firewall in respective vsd-groups:

unset nsrp vsd-group id 0 preempt

Then run the command  "exec nsrp vsd-group id 0 mode backup" on master firewall to force it to backup.

2. The Backup firewall, Firewall-B, is in the Ineligible mode or in the Inoperable mode (these modes are not the same).  Then the manual failover might not happen and the master firewall will be forced to act as master again, although it toggles to backup mode for a brief period.

Related Links: