Simple NSRP configuration

A quick NSRP configuration for reference purposes;

VSD: Virtual Security Device, it is a container for VSIs.
VSI: Virtual Security Interface.

NSRP is slightly different than VRRP when it comes to IP floating. In VRRP, nodes have their own IPs and acquire master IP during failover. However in NSRP, there is only one interface IP floating between nodes.

manage-ip: It is node specific and doesn’t float like VSI address.
HA-links: Only a single link is needed indeed but there are advantages of having dual HA links.

Active/Passive NSRP Configuration

First of all connect both firewalls via their eth0/8-eth0/8 and eth0/9-eth0/9 interfaces.

1) Configure HA zones on both firewalls;

2) Activate NSRP, assign a name to cluster and set a VSD (Virtual Security Device) group

As advised by the output we reset FW2.

3) Now time to configure NSRP parameters;

4) If both the devices are synced enable config syncronization

->set nsrp config sync

5) Monitored Interface Config

FW1

FW2

Some Useful commands;

Check config synronization
>exec nsrp sync global-config check-sum
Forcing Config Syncronization
>exec nsrp sync global-config save
Show Info about cluster
>get nsrp
Show config differences
>exec nsrp sync global diff

One thought on “Simple NSRP configuration

You have a feedback?