{"id":124,"date":"2009-09-04T00:00:00","date_gmt":"2009-09-04T00:00:00","guid":{"rendered":"https:\/\/fir3netwp.gmsrrpobkbd.com\/2009\/09\/04\/nsrp\/"},"modified":"2021-07-24T18:59:41","modified_gmt":"2021-07-24T18:59:41","slug":"nsrp","status":"publish","type":"post","link":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html","title":{"rendered":"Netscreen &#8211; NSRP"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_65 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<p class=\"ez-toc-title\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6626521ac51e0\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6626521ac51e0\"  aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html\/#HA_Setups\" title=\"HA Setups\">HA Setups<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html\/#HA_Feature_Sets\" title=\"HA Feature Sets\">HA Feature Sets<\/a><ul class='ez-toc-list-level-4' ><li class='ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html\/#SOHO\" title=\"SOHO\">SOHO<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html\/#NSRP-Lite\" title=\"NSRP-Lite\">NSRP-Lite<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html\/#NSRP\" title=\"NSRP\">NSRP<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html\/#NSRP_States\" title=\"NSRP States\">NSRP States<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html\/#Cluster_Traffic\" title=\"Cluster Traffic\">Cluster Traffic<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html\/#NSRP_Track_IP\" title=\" NSRP Track IP\"> NSRP Track IP<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html\/#RTO_Mirroring\" title=\"RTO Mirroring\">RTO Mirroring<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html\/#Split_Brain\" title=\" Split Brain\"> Split Brain<\/a><ul class='ez-toc-list-level-4' ><li class='ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html\/#%E2%80%9CNo_Brain%E2%80%9D_Situation\" title=\"&#8220;No Brain&#8221; Situation\">&#8220;No Brain&#8221; Situation<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h3><span class=\"ez-toc-section\" id=\"HA_Setups\"><\/span><strong>HA Setups<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>There are 3 main types of HA setup, they are,<\/p>\n<ul>\n<li><strong> Active \/ Passive<\/strong> <strong> <\/strong>&#8211; All traffic passes the active node. In the event of failure the backup firewall is activated, and traffic flow is resumed.<\/li>\n<li><strong>Active \/ Active<\/strong> &#8211; Both Firewalls share the network load. In the event of failure all traffic is passed through the working node.<\/li>\n<li><strong>Active \/ Active Full Mesh<\/strong> &#8211; This setup eliminates any single point of failure. Every link to each node, switch, and router is cabled twice to allow for complete redundancy.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"HA_Feature_Sets\"><\/span><strong>HA Feature Sets<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><span class=\"ez-toc-section\" id=\"SOHO\"><\/span><strong>SOHO<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>This allows for you to configure a secondary untrust interface. Of which in the event of failure the secondary link will become active, in order to restore connectivity. You can use either the available serial port or ethernet port for your secondary link, allowing you to connect ADSL Modems or Routers. <br \/>By default you must manually initiate a failover from the CLI.<\/p>\n<p>The various commands are below,<\/p>\n<p class=\"codemulti\">ns5gt-&gt; exec failover force &lt;- failover manual<br \/>ns5gt-&gt; exec failover revert &lt;- revert ack<br \/>ns5gt-&gt; exec failover auto &lt;- enable automatic failover<\/p>\n<p>To allow the link to stabilize there is a default hold down timer of 30secs. If required you can modify this by using the command,<\/p>\n<p class=\"codemulti\">ns5gt-&gt; set failover hold-down [number of seconds]<\/p>\n<p>SOHO only monitors the link between the Netscreen and the modem or the router. So if there is a problem with the ISP service the Netscreen will not failover.<br \/> To allow you to configure this setup (dual untrust) you will need to be using a port mode of &#8220;dual-untrust&#8221; or &#8220;combined&#8221;.<br \/> To confirm which mode you are running use the command `get system`. You can change the mode by using `exec port-mode dual-untrust` command, but be warned this will cause all the configuration to be erased.<\/p>\n<h4><span class=\"ez-toc-section\" id=\"NSRP-Lite\"><\/span><strong>NSRP-Lite<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>This allows for Active\/Passive setup with configuration synchronization. But does not provide Run-Time Object synchronization (discussed later) or an Active\/Active setup.<\/p>\n<h4><span class=\"ez-toc-section\" id=\"NSRP\"><\/span><strong>NSRP<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>NSRP is the protocol that allows clustered Netscreens to communicate with each other and allows them to exchange state information. Which in turn allows them to make the required decisions to ensure traffic is still passed in the event of failure.<\/p>\n<p>When NSRP is enabled a VSD (Virtual Security Device) is created, along with the configuration of the physical interfaces being applied to VSI`s Virtual Security Interfaces. Each VSD belongs to a VSD group. In each VSD group, one VSD is nominated as a master VSD. Each VSD will sit on each firewall. Only the master VSD (Active firewall) will pass the traffic. Along with this the IP addresses assigned to a VSI follow the master VSD. With regards to the management IP`s these stay static to each firewall.<\/p>\n<p>&nbsp;<\/p>\n<\/p>\n<p><strong> <\/strong><\/p>\n<h4><span class=\"ez-toc-section\" id=\"NSRP_States\"><\/span><strong>NSRP States<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>At any one time each VSD can be in one of 6 states.<\/p>\n<ol>\n<li>Master<\/li>\n<li>Primary Backup<\/li>\n<li>Backup<\/li>\n<li>Initial<\/li>\n<li>Ineligible<\/li>\n<li>Inoperable<\/li>\n<\/ol>\n<p><strong>Initial<\/strong> &#8211; Occurs when a VSD is first created due to reboot or configuration change. While in this state the VSD learns other devices in the VSD group, syncs the state with other VSD`s, and elections for which VSD should be master.<br \/> <strong>Master or Backup<\/strong> &#8211; Each VSD then either goes into a master or backup state.<br \/> <strong>Primary backup<\/strong> &#8211; If the backup node finds there is no primary backup VSD it sets itself to the Primary Backup for the VSD group. When in this state the VSD can either be prompted to master due to the old VSD disappearing or goes into an inoperable state.<br \/> <strong>Inoperable<\/strong> &#8211; The VSD will go into this state if it detects a failure that stops it from passing traffic, when in this state the VSD isnt included in elections.<br \/> <strong>Ineligible<\/strong> &#8211; This is an administratively down state of a VSD, of which is done manually. `set nsrp vsd-group id [number] mode ineligable`.<\/p>\n<p>The Master VSD is determined,<\/p>\n<ul>\n<li>if there is no other VSD then the devices wins and becomes active<\/li>\n<li>if there are 2 VSDs the device with the lowest priority wins ( `set nsrp vsd-group id X priority N` )<\/li>\n<li>if both devices have same priority or its not set then the VSD with the lowest MAC address wins.&nbsp;<\/li>\n<\/ul>\n<p>A fail over can be caused by any of the following,<\/p>\n<ul>\n<li>Software crashes<\/li>\n<li>Hardware or power failure<\/li>\n<li>Link failure on monitored interfaces or zones<\/li>\n<li>Unavailability of one or more Tracked IP`s<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Cluster_Traffic\"><\/span><strong>Cluster Traffic<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>2 types of packets are exchanged over HA Links. These are control messages and data packets.<\/p>\n<ul>\n<li>Control messages : Consists of Heartbeats, Link probes, VSD stat information and session synchronizations.<\/li>\n<li>Data packets&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : This is normal user traffic which is passed from one firewall to another. This happens in an Active\/Active HA setup.<\/li>\n<\/ul>\n<p>To check if both devices are in sync run the command,<\/p>\n<p class=\"codemulti\">ns5gt-&gt; clear db<br \/>ns5gt-&gt; exec nsrp sync global-config check-sum<br \/>ns5gt-&gt; get db str<\/p>\n<h3><span class=\"ez-toc-section\" id=\"NSRP_Track_IP\"><\/span><strong> NSRP Track IP<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Interface Track IP and VPN monitoring are not included with NSRP. NSRP Tracking allows you to fail across your cluster in the event of IP`s becoming unreachable. Such as a router IP. This allows for failovers in the event of a Netscreen interface or switch port failing. <br \/>If in the event of failure you required your traffic to take an alternative route, a configuration option would be to,<\/p>\n<ol>\n<li>Disable the default VSD group<\/li>\n<li>Create a new VSD group but leave out your interfaces that you require as being local.<\/li>\n<li>Set Track IP to poll an IP address (such as your Router)<\/li>\n<\/ol>\n<p>In the event of failover this would prevent the failed interface from moving to the other VSD.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"RTO_Mirroring\"><\/span><strong>RTO Mirroring<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Real-Time Object mirroring allows dynamic based information to be synchronized between the cluster nodes, such as DHCP leases, VPN sessions etc.<br \/> To enable RTO use the following commands, <\/p>\n<p class=\"codemulti\">ns5gt-&gt; set nsrp cluster id1<br \/>ns5gt-&gt; set nsrp rto-mirror sync<\/p>\n<p>With some insecure protocols you may wish to disable sessions created by a certain policy from being mirrored when dealing with DoS attacks.To change this,<\/p>\n<ol>\n<li>Go into the policy<\/li>\n<li>Select &#8220;Advanced&#8221;<\/li>\n<li>Deselect &#8220;HA Session Backup&#8221; and click return.<\/li>\n<li>Click OK<\/li>\n<\/ol>\n<h3><span class=\"ez-toc-section\" id=\"Split_Brain\"><\/span><strong> Split Brain<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Split Brain is a situation where the HA link fails and in turn both devices believe the other device has failed and then promotes itself to master.<\/p>\n<p>There are 3 methods in which you can prevent this situation from arising,<\/p>\n<ol>\n<li>Dual HA links.<\/li>\n<li>Connect the Ha links directly using cross over cables.<\/li>\n<li>Add a secondary path for the HA link. This will use an existing traffic interfaces and is enabled via the commands.<\/li>\n<\/ol>\n<p class=\"codemulti\">ns5gt-&gt; adding a secondary path<br \/>ns5gt-&gt; set nsrp secondary-path eth1<\/p>\n<h4><span class=\"ez-toc-section\" id=\"%E2%80%9CNo_Brain%E2%80%9D_Situation\"><\/span><strong>&#8220;No Brain&#8221; Situation<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>In this situation both switches\/switch ports fail. Both firewalls may be plugged into the same switch or different switches which may fail due to power failure etc. This causes both firewalls to place themselves into an inoperable state and then backup. Causing both firewalls to be in a backup state.<\/p>\n<p>To ensure that one device is always master you can use the command,<\/p>\n<p class=\"codemulti\">ns5gt-&gt; set nsrp vsd-group master-always-exists<\/p>\n<p>The main issue with this occurs in a situation where both switches\/switch ports fail for one network (i.e trust) and then a switch\/switch port fails on the active node. In this case the cluster will not fail across to the secondary node even though it is the best candiate for master.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>HA Setups There are 3 main types of HA setup, they are, Active \/ Passive &#8211; All traffic passes the active node. In the event of failure the backup firewall is activated, and traffic flow is resumed. Active \/ Active &#8211; Both Firewalls share the network load. In the event of failure all traffic is &#8230; <a title=\"Netscreen &#8211; NSRP\" class=\"read-more\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html\" aria-label=\"Read more about Netscreen &#8211; NSRP\">Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":123,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Netscreen - NSRP - Fir3net<\/title>\n<meta name=\"description\" content=\"HA Setups There are 3 main types of HA setup, they are, Active \/ Passive - All traffic passes the active node. In the event of failure the backup firewall\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Netscreen - NSRP - Fir3net\" \/>\n<meta property=\"og:description\" content=\"HA Setups There are 3 main types of HA setup, they are, Active \/ Passive - All traffic passes the active node. In the event of failure the backup firewall\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html\" \/>\n<meta property=\"og:site_name\" content=\"Fir3net\" \/>\n<meta property=\"article:published_time\" content=\"2009-09-04T00:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-07-24T18:59:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2009\/09\/images_legacy_NSRP.png\" \/>\n\t<meta property=\"og:image:width\" content=\"456\" \/>\n\t<meta property=\"og:image:height\" content=\"141\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Rick Donato\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Rick Donato\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html\"},\"author\":{\"name\":\"Rick Donato\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037\"},\"headline\":\"Netscreen &#8211; NSRP\",\"datePublished\":\"2009-09-04T00:00:00+00:00\",\"dateModified\":\"2021-07-24T18:59:41+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html\"},\"wordCount\":1244,\"publisher\":{\"@id\":\"https:\/\/www.fir3net.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2009\/09\/images_legacy_NSRP.png\",\"articleSection\":[\"Juniper Firewalls\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html\",\"url\":\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html\",\"name\":\"Netscreen - NSRP - Fir3net\",\"isPartOf\":{\"@id\":\"https:\/\/www.fir3net.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2009\/09\/images_legacy_NSRP.png\",\"datePublished\":\"2009-09-04T00:00:00+00:00\",\"dateModified\":\"2021-07-24T18:59:41+00:00\",\"description\":\"HA Setups There are 3 main types of HA setup, they are, Active \/ Passive - All traffic passes the active node. In the event of failure the backup firewall\",\"breadcrumb\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html#primaryimage\",\"url\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2009\/09\/images_legacy_NSRP.png\",\"contentUrl\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2009\/09\/images_legacy_NSRP.png\",\"width\":456,\"height\":141},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.fir3net.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"https:\/\/www.fir3net.com\/security\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Firewalls\",\"item\":\"https:\/\/www.fir3net.com\/security\/firewalls\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Juniper Firewalls\",\"item\":\"https:\/\/www.fir3net.com\/security\/firewalls\/juniper\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"Netscreen &#8211; NSRP\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.fir3net.com\/#website\",\"url\":\"https:\/\/www.fir3net.com\/\",\"name\":\"Fir3net\",\"description\":\"Keeping you in the know\",\"publisher\":{\"@id\":\"https:\/\/www.fir3net.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.fir3net.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.fir3net.com\/#organization\",\"name\":\"Fir3net\",\"url\":\"https:\/\/www.fir3net.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png\",\"contentUrl\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png\",\"width\":390,\"height\":88,\"caption\":\"Fir3net\"},\"image\":{\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037\",\"name\":\"Rick Donato\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g\",\"caption\":\"Rick Donato\"},\"description\":\"Rick Donato is a Network Automation Architect\/Evangelist and the founder of Packet Coders.\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Netscreen - NSRP - Fir3net","description":"HA Setups There are 3 main types of HA setup, they are, Active \/ Passive - All traffic passes the active node. In the event of failure the backup firewall","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html","og_locale":"en_US","og_type":"article","og_title":"Netscreen - NSRP - Fir3net","og_description":"HA Setups There are 3 main types of HA setup, they are, Active \/ Passive - All traffic passes the active node. In the event of failure the backup firewall","og_url":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html","og_site_name":"Fir3net","article_published_time":"2009-09-04T00:00:00+00:00","article_modified_time":"2021-07-24T18:59:41+00:00","og_image":[{"width":456,"height":141,"url":"https:\/\/www.fir3net.com\/wp-content\/uploads\/2009\/09\/images_legacy_NSRP.png","type":"image\/jpeg"}],"author":"Rick Donato","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Rick Donato","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html#article","isPartOf":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html"},"author":{"name":"Rick Donato","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037"},"headline":"Netscreen &#8211; NSRP","datePublished":"2009-09-04T00:00:00+00:00","dateModified":"2021-07-24T18:59:41+00:00","mainEntityOfPage":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html"},"wordCount":1244,"publisher":{"@id":"https:\/\/www.fir3net.com\/#organization"},"image":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html#primaryimage"},"thumbnailUrl":"https:\/\/www.fir3net.com\/wp-content\/uploads\/2009\/09\/images_legacy_NSRP.png","articleSection":["Juniper Firewalls"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html","url":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html","name":"Netscreen - NSRP - Fir3net","isPartOf":{"@id":"https:\/\/www.fir3net.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html#primaryimage"},"image":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html#primaryimage"},"thumbnailUrl":"https:\/\/www.fir3net.com\/wp-content\/uploads\/2009\/09\/images_legacy_NSRP.png","datePublished":"2009-09-04T00:00:00+00:00","dateModified":"2021-07-24T18:59:41+00:00","description":"HA Setups There are 3 main types of HA setup, they are, Active \/ Passive - All traffic passes the active node. In the event of failure the backup firewall","breadcrumb":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html#primaryimage","url":"https:\/\/www.fir3net.com\/wp-content\/uploads\/2009\/09\/images_legacy_NSRP.png","contentUrl":"https:\/\/www.fir3net.com\/wp-content\/uploads\/2009\/09\/images_legacy_NSRP.png","width":456,"height":141},{"@type":"BreadcrumbList","@id":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/nsrp.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.fir3net.com\/"},{"@type":"ListItem","position":2,"name":"Security","item":"https:\/\/www.fir3net.com\/security"},{"@type":"ListItem","position":3,"name":"Firewalls","item":"https:\/\/www.fir3net.com\/security\/firewalls"},{"@type":"ListItem","position":4,"name":"Juniper Firewalls","item":"https:\/\/www.fir3net.com\/security\/firewalls\/juniper"},{"@type":"ListItem","position":5,"name":"Netscreen &#8211; NSRP"}]},{"@type":"WebSite","@id":"https:\/\/www.fir3net.com\/#website","url":"https:\/\/www.fir3net.com\/","name":"Fir3net","description":"Keeping you in the know","publisher":{"@id":"https:\/\/www.fir3net.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.fir3net.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.fir3net.com\/#organization","name":"Fir3net","url":"https:\/\/www.fir3net.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png","contentUrl":"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png","width":390,"height":88,"caption":"Fir3net"},"image":{"@id":"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037","name":"Rick Donato","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g","caption":"Rick Donato"},"description":"Rick Donato is a Network Automation Architect\/Evangelist and the founder of Packet Coders."}]}},"_links":{"self":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts\/124"}],"collection":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/comments?post=124"}],"version-history":[{"count":0,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts\/124\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/media\/123"}],"wp:attachment":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/media?parent=124"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/categories?post=124"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/tags?post=124"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}