Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

After upgrade to ScreenOS 6.2.0, the VSI state of a backup device changes from Inactive to Down. Why?

0

0

Article ID: KB13985 KB Last Updated: 31 Mar 2014Version: 3.0
Summary:
After upgrade to ScreenOS 6.2.0, the VSI state of a backup device changes from Inactive to Down. Why ?
Symptoms:

Solution:
The "DOWN" status of the interfaces on the backup device is correct, per design in ScreenOS 6.2.0.

This change of behavior is related to "NSRP data-forwarding".

Prior to ScreenOS 6.2.0, the firewall always sets the status of the non-master VSI as Inactive, irregardless of the availability of data-forwarding.

In ScreenOS 6.2.0, the non-master VSI will be set as DOWN under the following conditions (when data-forwarding is not available):
  • HA Data Link is not available      
  • or
  • NSRP data packet forwarding is disabled <--- unset nsrp data-forwarding
ssg5-isdn-wlan(B)-> get int eth0/1
Interface ethernet0/1(VSI):
description ethernet0/1
number 5, if_info 2040, if_index 0, mode nat
link down(packet forwarding disabled), phy-link up/full-duplex
status change:1, last change:04/17/2009 19:38:48
vsys Root, zone DMZ, vr trust-vr, vsd 0
dhcp client disabled
PPPoE disabled
admin mtu 0, operating mtu 1500, default mtu 1500
*ip 2.2.2.1/24 mac 0010.dbff.6050
*manage ip 2.2.2.1, mac 0017.cb8f.8785

However, if there is a "manage-ip" configured on an interface, the interface state will be set as 'inactive'.    

ssg5-isdn-wlan(B)-> get int eth0/0
Interface ethernet0/0(VSI):
description ethernet0/0
number 0, if_info 0, if_index 0, mode route
link inactive, phy-link up/full-duplex
status change:1, last change:04/17/2009 19:38:48
vsys Root, zone Untrust, vr trust-vr, vsd 0
dhcp client disabled
PPPoE disabled
admin mtu 0, operating mtu 1500, default mtu 1500
ip 1.1.1.1/24 mac 0010.dbff.6000
manage ip 1.1.1.2, mac 0017.cb8f.8780

Note:For more information, refer to the Concepts and Examples, ScreenOS Reference Guide, Volume 11 High Availability, pages 8-9: http://www.juniper.net/techpubs/software/screenos/screenos6.2.0/ce_v11.pdf.  
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search