Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[EOL/EOE] How to configure preempt and priority NSRP options. How to force one firewall to be the preferred primary.

0

0

Article ID: KB11373 KB Last Updated: 23 Mar 2021Version: 6.0
Summary:
How to force a device in the cluster to be the preferred primary?
Note: A product listed in this article has either reached hardware End of Life (EOL) OR software End of Engineering (EOE). 
Refer to End of Life Products & Milestones for the EOL, EOE, and End of Support (EOS) dates.
Symptoms:
One of the firewalls of the cluster needs to be the preferred primary.  How do you configure this?
Solution:

The NSRP parameters preempt and priority are used to control the preferred primary. 

  1.   On the preferred primary, enable 'preempt' mode and assign a lower priority to the firewall in the cluster.

    Configuration example:
    Important:  The device with the lowest priority will be the preferred primary.

    nsisg1000(M)-> set nsrp vsd-group id 0 priority 50  <- To assign priority to device. By default the priority is 100
    nsisg1000(M)-> set nsrp vsd-group id 0 preempt      <- To enable preempt mode


    To verify configuration:

    nsisg1000(M)get nsrp vsd-group
    VSD group info:
    init hold time: 5
    heartbeat lost threshold: 3
    heartbeat interval: 1000(ms)
    master always exist: disabled
    group priority preempt holddown inelig   master       PB other members
        0       50 yes            3 no       myself 12090607
    total number of vsd groups: 1
    Total iteration=375750,time=399053148,max=6586,min=274,average=1062

  2.   On the other firewall, the preferred backup, only the priority needs to be specified.  Assign the priority to be a higher value than the priority of the preferred primary.

    nsisg1000(B)-> set nsrp vsd-group id 0 priority 100 


Note:  A preempt hold-time may also be configured on the preferred primary.  Refer to the Concepts & Examples ScreenOS Reference Guide: Vol 11, High Availability for more information. 

Modification History:
2021-03-23: Updated the article terminology to align with Juniper's Inclusion & Diversity initiatives.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search