I just finished configuring 2 SSG 550s in HA (Active/Passive). Very simple configuration using 2 ports for HA, monitoring the LAN and WAN ports. No weight parameters and such. Synchronization of RTOs enabled. We have tested multiple scenarios and have been very pleased with the smooth transition from the master to the standby server. Just out of curiosity, we unplugged the 2 HA connections between the 2 of them and saw that after a couple of minutes both of them "see" themselves as the master one. Is there any way to prevent this from happening? Maybe ask them to fail over to the LAN port if the 2 HA ports are down? Or is this to be expected? Thanks
Basic HA configuration on our servers:
set interface "ethernet0/0" zone "Trust"
set interface "ethernet0/1" zone "Untrust"
set interface "ethernet0/2" zone "HA"
set interface "ethernet0/3" zone "HA"
set nsrp cluster id 1
set nsrp rto-mirror sync
set nsrp vsd-group id 0 priority 100
set nsrp monitor interface ethernet0/0
set nsrp monitor interface ethernet0/1