@user853 wrote:
Thanks for your answrs. Will start look into routing instances then:)
This is generally what it would look like:
interfaces {
ge-0/0/1 {
description "Guest internet";
unit 0 {
family inet {
address 1.1.1.2/24;
}
}
}
ge-0/0/2 {
description "Guest inside";
unit 0 {
family inet {
address 2.2.2.1/24;
}
}
}
ge-0/0/3 {
description internet;
unit 0 {
family inet {
address 3.3.3.2/24;
}
}
}
ge-0/0/4 {
description inside;
unit 0 {
family inet {
address 4.4.4.1/24;
}
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 3.3.3.1;
}
}
security {
zones {
security-zone Guest-internet {
interfaces {
ge-0/0/1.0;
}
}
security-zone Guest-inside {
interfaces {
ge-0/0/2.0;
}
}
security-zone internet {
interfaces {
ge-0/0/3.0;
}
}
security-zone inside {
interfaces {
ge-0/0/4.0;
}
}
}
}
routing-instances {
Guest {
instance-type virtual-router;
interface ge-0/0/1.0;
interface ge-0/0/2.0;
routing-options {
static {
route 0.0.0.0/0 next-hop 1.1.1.1;
}
}
}
}
You would have to then create security policies from zone to zone.
And if you ever wanted the guest network to communicate with the other network, you'd have to do some creative routing.