Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] How do I swap out HA units with minimal downtime?



Article ID: KB6717 KB Last Updated: 26 Dec 2020Version: 4.0
How do I swap out HA units with minimal downtime?
Need to replace the NSRP units HA pair in active/passive mode.

Below is the recommended process to follow when swapping out a pair of NSRP/HA units.

1. Backup and store a copy of the configuration file from both the primary and Backup units.

2. Completely disconnect the original Backup unit

3. On the Backup replacement unit configure the following:

  1. Configure the root username and password to match that on the primary unit
  2. Configure the NSRP cluster ID
  3. Define the NSRP VSD Group
  4. Set NSRP RTO to Sync  
  5. Define the NSRP interfaces to monitor

4. Save the configuration.

5. Connect the HA cable(s) only from the replacement backup to the primary unit --- DO NOT connect the replacement unit to the network at this time.

6. Issue the following command on the backup device to sync the primary config to the backup:

exec nsrp sync global-config save

7. After the sync command completes, turn off the replacement backup unit.  Connect the interface to the network, then turn the unit back on.

8.  Confirm NSRP is up and running correctly by checking the following items

  • issue the following command to confirm the configuration files are in sync exec nsrp sync global-config check-sum
  • issue various commands to confirm the RTO are in sync, such as get session 
  • get nsrp

9. With the backup unit in sync and the cables connected to the network, fail the primary unit.

10.  Swap out the old primary with the replacement device.  Follow the steps above beginning with step 3.

The above process should allow the network to continue without interruption.

Modification History:
2020-12-26: Content re-reviewed for accuracy, article is correct and complete, minor non-technical changes.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search