[j-nsp] Juniper SRX MNHA

Mon, 04 Aug 2025 11:40:27 -0700

I have (2) SRX2300 firewalls in the switching/default gateway MNHA mode.  Anyone know why I'm not seeing sessions synchronized to the backup srx?  I'm I correct that active/backup provides for session state to be sent to backup for hitless failover? 

They both run current JTAC recommended 23.4R2-S5.5

They both have exact same interfaces for untrust, trust and ha-link zones

Let me know if you need any more info from me to assist with tshoot.
root@srx01> show chassis high-availability information | grep "status|group|state" 
Node Status: ONLINE
    Encrypted: NO     Conn State: UP
    Cold Sync Status: COMPLETE
Services Redundancy Group: 0
        Current State: ONLINE
Services Redundancy Group: 1
        Status: ACTIVE
        Process Packet In Backup State: NO
        Control Plane State: READY
          Status : BACKUP
          Health Status: HEALTHY
root@srx02> show chassis high-availability information | grep "status|group|state" 
Node Status: ONLINE
    Encrypted: NO     Conn State: UP
    Cold Sync Status: COMPLETE
Services Redundancy Group: 0
        Current State: ONLINE
Services Redundancy Group: 1
        Status: BACKUP
        Process Packet In Backup State: NO
        Control Plane State: READY
          Status : ACTIVE
          Health Status: HEALTHY



nothing seen on backup....

==============================================================

root@srx01> show security flow session destination-prefix 12.0.1.28
Session ID: 718626, Policy name: default-permit/5, HA State: Active, Timeout: 1800, Session State: Valid
In: 192.168.11.5/37862 --> 12.0.1.28/23;tcp, Conn Tag: 0x0, If: ae2.0, Pkts: 123, Bytes: 5014, HA Wing State: Active,
Out: 12.0.1.28/23 --> 123.123.123.226/9616;tcp, Conn Tag: 0x0, If: ae1.0, Pkts: 112, Bytes: 10648, HA Wing State: Active, 

Total sessions: 1

==============================================================

root@srx02> show security flow session destination-prefix 12.0.1.28

Total sessions: 0

root@srx02> show security flow session session-state ?

Possible completions:

active-warm MNHA session with one active wing and one warm wing

backup L2 HA backup session

warm L3 HA warm session

root@srx02> show security flow session session-state active-warm

Total sessions: 0

root@srx02> show security flow session session-state backup

Total sessions: 0

root@srx02> show security flow session session-state warm

Total sessions: 0


--
-Aaron


_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp

Reply via email to