It is possible that the configuration settings can become unsynchronized; this can happen if you make any configuration changes on one device while another in the cluster reboots or if all HA links fail. This article documents how to get the cluster back in sync. This article is also referenced from the
NSRP Resolution Guide.
How do I troubleshoot an Active/Passive NSRP cluster with configurations out of sync?
Use the steps below to correct configs out of sync. To view the flowchart for these steps, select:
KB9817 Flowchart
In the article, Firewall-A refers to the device that is initially configured as the Master device. Firewall-B is the device that is initially configured to be the Backup device.
Did you enter the minimum NSRP configuration options? Refer to: KB6015- What is the basic configuration I need to get an NSRP cluster working.
- Yes - Continue with Step 2
- No - Finish configuring the minimum NSRP parameters.
Attempt to sync the configurations manually.
NOTE: Make sure you perform the command on the correct firewall, and make sure you correctly respond with No to the 'save config' prompt.
For assistance, consult: KB6351 - How do you sync an Active / Passive NSRP pair.
Continue with Step 3
Are the configurations now in Sync? For information on how to check, consult: KB6359 - How do I check if the Active/Passive NSRP pair configurations are in sync?
Are all the Hardware and Software requirements met? For information on the minimum requirements, consult: KB11432 - What are the minimum hardware and software requirements for NSRP.
- Yes - Continue with Step 5
- No - Resolve any deficiencies with the requirements.
Compare the configuration files between Firewall-A and Firewall-B. Do they match? For assistance, consult: KB11325 - When comparing the NSRP cluster configuration, what should I check.
Check list of 'out of sync' possible reasons in KB11326.
If still out of sync after consulting the list, Continue with Step 7.
For additional assistance, collect the information listed in KB11175- What information do I need to collect before opening an NSRP case. Once the data has been collected, open a case by either calling in to Juniper Networks Technical Assistance Center at 888-314-JTAC (5822) , 408-745-9500 for domestic or international, OR login to the Case Management tool via the Juniper support site at: Case Management and click on the "Create a Case" link.
2017-12-07: Article reviewed for accuracy. No changes made. Article is correct and complete.