[j-nsp] Juniper SRX MNHA

Aaron Gould aaron1 at gvtc.com
Mon Aug 4 14:39:56 EDT 2025


I have (2) SRX2300 firewalls in the switching/default gateway MNHA 
mode.  Anyone know why I'm not seeing sessions synchronized to the 
backup SRX?  Am I correct that active/backup provides for session state 
to be sent to backup for hitless failover?

They both run the current JTAC recommended 23.4R2-S5.5.

They both have the exact same interfaces for untrust, trust and ha-link zones.

Let me know if you need any more info from me to assist with tshoot.


root@srx01> show chassis high-availability information | grep "status|group|state"
Node Status: ONLINE
     Encrypted: NO     Conn State: UP
     Cold Sync Status: COMPLETE
Services Redundancy Group: 0
         Current State: ONLINE
Services Redundancy Group: 1
         Status: ACTIVE
         Process Packet In Backup State: NO
         Control Plane State: READY
           Status : BACKUP
           Health Status: HEALTHY


root@srx02> show chassis high-availability information | grep "status|group|state"
Node Status: ONLINE
     Encrypted: NO     Conn State: UP
     Cold Sync Status: COMPLETE
Services Redundancy Group: 0
         Current State: ONLINE
Services Redundancy Group: 1
         Status: BACKUP
         Process Packet In Backup State: NO
         Control Plane State: READY
           Status : ACTIVE
           Health Status: HEALTHY



Nothing seen on backup....

==============================================================

root@srx01> show security flow session destination-prefix 12.0.1.28

Session ID: 718626, Policy name: default-permit/5, HA State: Active, Timeout: 1800, Session State: Valid

In: 192.168.11.5/37862 --> 12.0.1.28/23;tcp, Conn Tag: 0x0, If: ae2.0, Pkts: 123, Bytes: 5014, HA Wing State: Active,

Out: 12.0.1.28/23 --> 123.123.123.226/9616;tcp, Conn Tag: 0x0, If: ae1.0, Pkts: 112, Bytes: 10648, HA Wing State: Active,

Total sessions: 1

==============================================================

root@srx02> show security flow session destination-prefix 12.0.1.28

Total sessions: 0

root@srx02> show security flow session session-state ?

Possible completions:
  active-warm          MNHA session with one active wing and one warm wing
  backup               L2 HA backup session
  warm                 L3 HA warm session

root@srx02> show security flow session session-state active-warm

Total sessions: 0

root@srx02> show security flow session session-state backup

Total sessions: 0

root@srx02> show security flow session session-state warm

Total sessions: 0


-- 
-Aaron

