I have never messed with MNHA, but one thing sticks out to me as weird:

srx01 is Active for the RGs, but backup for the Control Plane.  Is that
normal?  Why would the active RG node not also be the Active control plane
during normal operation?

Kevin

On Mon, Aug 4, 2025 at 12:40 PM Aaron Gould via juniper-nsp <
[email protected]> wrote:

> I have (2) SRX2300 firewalls in the switching/default gateway MNHA
> mode.  Anyone know why I'm not seeing sessions synchronized to the
> backup srx?  Am I correct that active/backup provides for session state
> to be sent to backup for hitless failover?
>
> They both run current JTAC recommended 23.4R2-S5.5
>
> They both have exact same interfaces for untrust, trust and ha-link zones
>
> Let me know if you need any more info from me to assist with tshoot.
>
>
> root@srx01> show chassis high-availability information | grep
> "status|group|state"
> Node Status: ONLINE
>      Encrypted: NO     Conn State: UP
>      Cold Sync Status: COMPLETE
> Services Redundancy Group: 0
>          Current State: ONLINE
> Services Redundancy Group: 1
>          Status: ACTIVE
>          Process Packet In Backup State: NO
>          Control Plane State: READY
>            Status : BACKUP
>            Health Status: HEALTHY
>
>
> root@srx02> show chassis high-availability information | grep
> "status|group|state"
> Node Status: ONLINE
>      Encrypted: NO     Conn State: UP
>      Cold Sync Status: COMPLETE
> Services Redundancy Group: 0
>          Current State: ONLINE
> Services Redundancy Group: 1
>          Status: BACKUP
>          Process Packet In Backup State: NO
>          Control Plane State: READY
>            Status : ACTIVE
>            Health Status: HEALTHY
>
>
>
> nothing seen on backup....
>
> ==============================================================
>
> root@srx01> show security flow session destination-prefix 12.0.1.28
>
> Session ID: 718626, Policy name: default-permit/5, HA State: Active,
> Timeout: 1800, Session State: Valid
>
> In: 192.168.11.5/37862 --> 12.0.1.28/23;tcp, Conn Tag: 0x0, If: ae2.0,
> Pkts: 123, Bytes: 5014, HA Wing State: Active,
>
> Out: 12.0.1.28/23 --> 123.123.123.226/9616;tcp, Conn Tag: 0x0, If:
> ae1.0, Pkts: 112, Bytes: 10648, HA Wing State: Active,
>
> Total sessions: 1
>
> ==============================================================
>
> root@srx02> show security flow session destination-prefix 12.0.1.28
>
> Total sessions: 0
>
> root@srx02> show security flow session session-state ?
>
> Possible completions:
>
> active-warm MNHA session with one active wing and one warm wing
>
> backup L2 HA backup session
>
> warm L3 HA warm session
>
> root@srx02> show security flow session session-state active-warm
>
> Total sessions: 0
>
> root@srx02> show security flow session session-state backup
>
> Total sessions: 0
>
> root@srx02> show security flow session session-state warm
>
> Total sessions: 0
>
>
> --
> -Aaron
>
> _______________________________________________
> juniper-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>