A pair of nodes participating in stateful NAT inter-chassis redundancy must have matching NAT configurations, the inside service-id and outside service-id. That is, parameters other than the configuration items referring to local objects, such as ports and interfaces, should be configured with the same values on both nodes.
For example,
config isa nat-group inter-chassis-redundancy keepalive interval dropcount count
must be the same on both nodes.
However, the statement
config isa nat-group inter-chassis-redundancy monitor-port port-id
does not need to match because each node can monitor its own set of unique ports, or not monitor ports at all.
Detection of configuration mismatch is logged in the system and operators are encouraged to check the logs periodically for any misaligned statements.
Certain configuration changes can be performed online while nodes are in redundant configuration. Other changes that result in deleting flows or subscribers are blocked in classic CLI and cannot be performed online. In MD-CLI, committing such changes disables inter-chassis NAT redundancy and then enables it after the commit is completed. Such changes include the manipulation of NAT pools with active flows or subscribers, or removing NAT policies for active subscribers. Other changes require redundancy to be shut down.