Re: ISG2000 High Availability issue

Hello vikassingh, 

Check the output from another Node 

CORE-FIREWALL-2(I)-> get nsrp 
nsrp version: 2.0

cluster info:
cluster id: 1, no name
local unit id: 9693312
active units discovered: 
index: 0, unit id: 9693312, ctrl mac: 00268893e896 , data mac: 00268893e896
index: 1, unit id: 9628416, ctrl mac: 00268892eb16 , data mac: 00268892eb16
total number of units: 2

VSD group info:
init hold time: 5
heartbeat lost threshold: 3
heartbeat interval: 1000(ms)
master always exist: disabled
group priority preempt holddown inelig master PB other members myself uptime
0 100 no 3 no 9628416 none myself(inoperable) 07:09:23 
total number of vsd groups: 1
Total iteration=25764,time=75214168,max=388773,min=962,average=2919

RTO mirror info:
run time object sync: enabled
route synchronization: enabled
ping session sync: enabled
coldstart sync done
nsrp data packet forwarding is enabled

nsrp link info:
control channel: ethernet2/2 (ifnum: 22) mac: 00268893e896 state: up
data channel: ethernet2/2 (ifnum: 22) mac: 00268893e896 state: up
ha secondary path link not available

NSRP encryption: disabled
NSRP authentication: disabled 
device based nsrp monitoring threshold: 255, weighted sum: 0, not failed
device based nsrp monitor interface: 
device based nsrp monitor zone: 
device based nsrp track ip: (weight: 255, disabled)
number of gratuitous arps: 4 (default)
config sync: enabled

track ip: disabled

CORE-FIREWALL-2(I)-> get config | include nsrp
set nsrp cluster id 1
set nsrp rto-mirror sync
set nsrp rto-mirror route
set nsrp vsd-group id 0 priority 100
set nsrp vsd-group id 0 monitor interface ethernet1/1
set nsrp vsd-group id 0 monitor interface ethernet1/2

CORE-FIREWALL-2(I)-> get nsrp monitor interface all 
device based nsrp monitor interface:

VSD group 0 monitor interface: ethernet1/1(weight 255, UP) ethernet1/2(weight 255, DOWN)

CORE-FIREWALL-2(I)-> get nsrp cluster 
cluster id: 1, no name
local unit id: 9693312
active units discovered: 
index: 0, unit id: 9693312, ctrl mac: 00268893e896 , data mac: 00268893e896
index: 1, unit id: 9628416, ctrl mac: 00268892eb16 , data mac: 00268892eb16
total number of units: 2

CORE-FIREWALL-2(I)-> get nsrp rto-mirror

RTO mirror info:
run time object sync: enabled
route synchronization: enabled
ping session sync: enabled
coldstart sync done

In above stats i have found eth1/2 down, and after properly inserting the cable, it came UP.

Now i have following questions

1). Will the changes made on Master( during the time back in INOPERABLE state)  be auto copied to Backup ? or some manual command needs to be run?

2). What's the track IP option used for? do i need to track any IP? 

3). What is the function of rto-mirror? what info it gives us ?

4). I have another interface which i want to track/monitor, Do i need another VSD group?